We all have online accounts and the process of providing a username and password is quite commonplace, but exactly how strong is your password? Just today on LinkedIn I received a message from a confirmed contact who is also freelance, and it talked about an opportunity, but somehow the message didn’t look quite right to me.
First of all, we know each other, but the wording sounded formal and unlike the person. Secondly, the link was going to something on Amazon Web Services and the page just didn’t look legit.
Finally, clicking the link to Open File brought me to yet another insecure page that was phishing for my Microsoft credentials.
At this point I was 100% certain that this was a phishing scam, but how did that message get sent within LinkedIn in the first place?
I sent a quick text message to my freelance contact and quickly confirmed that he did NOT send me a message on LinkedIn; rather, a hacker had guessed his password and used his account to send out this message. My contact was able to change his LinkedIn password, thus securing control of his account and locking out the hacker.
Moral of the story? Well, if something in a LinkedIn message seems off, or not like the personality of your contact, then confirm before proceeding. When you confirm with your contact, use either email or text, not LinkedIn, because the hacker is logged into the victim’s account and will try to assure you that all is well, when in fact all is not well.