Does your LinkedIn profile reveal too much?


How much contact and personal information do you disclose in your LinkedIn profile and who can see it? Here’s why less can be more.

Several friends recently asked me how cybercriminals can access their contact data, including cell phone numbers and email addresses. Basically, I told them that there are several methods that criminals can use to gather such information. A common method is to steal data in breaches that have affected online platforms and their users over the years. This ultimately gave rise to a booming market for stolen personal data, both on the dark web and increasingly also on the “Surface Web”.

But there is another possible scenario that could allow anyone with bad intentions to build their own “contact list” filled with up-to-date and valuable data. Enter LinkedIn, the world’s largest social network for professionals, where criminals have already been able to collect publicly available information about millions of its users with relative ease, including full names, phone numbers, email addresses, workplace information, etc.

This wealth of available information is linked to the very nature of the platform. LinkedIn users often, understandably, choose to make their information public, including their personal or professional contact information. An unintended consequence of this is that criminals do not need to rely on information that may have been stolen or leaked years ago and some of which may no longer even be current and accurate.

Instead, they can exploit web scrapers to collect all available information about their potential targets. They can then commit identity theft or target users’ employers with business email compromise (BEC) or other social engineering attacks.

Among other things, web scrapers can:

  • Create a list of company employees

Here, the offender only needs to configure the data collection software to access the “People” tab of the target company, which provides an up-to-date list of employees. Obviously, LinkedIn users tend to keep their profile updated with information related to their current job.

  • Compile a list of “supply chain targets” linked to a company

Some criminals may go further and examine interactions on company social media posts to identify potential suppliers and partners, gaining new high-priority targets or potential ways to attack the company’s supply chain.

What do you choose to publish?

In many cases, people’s information may be either publicly available or visible only to people in a user’s network of direct connections. The amount of information available may also vary:

  • LinkedIn profiles that reveal no contact data outside of the platform

By choosing not to share any contact information outside of the platform and your direct connections, you significantly limit the amount of information criminals can collect about you. Your full name, your position and the geographical location of your company will of course always be visible.

[Image: Contact details accessible to people not on the direct connections list (i.e. 1st degree)]

  • LinkedIn profiles that make their email address public

Although LinkedIn users often share their personal contact information, some may also disclose their current work email address. Regardless, this could allow malicious individuals to engage in more targeted interactions with their victims, as well as teach them the typical email format used by the company (although this is obviously far from being the only simple way to acquire this information).

  • LinkedIn profiles that make phone numbers public

Some people may choose to disclose their phone number, for example in the hope that recruiters and employers will have an easier time contacting them for interviews, or that it will make it easier to communicate with business contacts or potential clients. However, just like with emails, this can lead to fraudulent calls and messages (i.e. smishing), potential misuse of data and breaches of privacy.

[Image: Contact details of people previously added to the network of connections]

Mitigate Risk

The very nature of social media, and any platform, allows criminals to access some of our online data. However, there are several steps you can take to prevent criminals from accessing your most valuable information on LinkedIn:

  • Configure your LinkedIn privacy settings

LinkedIn offers various options for limiting the information available to people outside of your circle. You should apply the same type of measures on other social media sites, but it can be especially important on LinkedIn. Check out our article on how to use LinkedIn safely, where we covered this and other aspects of security on the platform.

  • Limit the amount of information in your profile

As a social media platform, LinkedIn provides networking and job search tools, but consider prioritizing connections through the platform itself and avoid sharing external contact data.

  • Do not accept connection requests indiscriminately

There are many bots and fake profiles on the platform, so check the legitimacy of each connection request before accepting it. Also be careful when responding to messages on LinkedIn, especially if they ask for your personal information or send you links or attachments.

  • Check the list of your connections regularly

Given the prevalence of fake profiles, regularly review your connections list and remove contacts that appear suspicious.

  • Be careful when posting your profile updates

Maybe you don’t always need to update your employment status as soon as your situation changes and broadcast it to the world. Criminals could monitor these changes and exploit your limited knowledge of the new environment or work situation to send you malicious emails or text messages.

To reiterate, be sure to review your profile privacy settings to control who can see your contact information and thus minimize the risk of unwanted contact or privacy violation. LinkedIn is a valuable social media platform, but striking a balance between networking and protecting your personal information is crucial.

