How much contact and personal information do you provide on your LinkedIn profile and who can see it? Here’s why less can be more.
16 Nov 2023
Several friends have recently asked me how cybercriminals can gain access to their contact data, especially their mobile phone numbers and email addresses. I told them that there are many methods that criminals can use to get such information. A common method involves data stolen in breaches that have affected online platforms and their users for years. This has ultimately given rise to a booming market for stolen personal data, both on the dark web and increasingly on the ‘surface web’.
But there is another possible scenario that can enable anyone with bad intentions to compile their own “contact lists” full of up-to-date and valuable data. Enter LinkedIn, the world’s largest social network for professionals, where criminals once quickly gathered publicly available information on its millions of users, including full names, phone numbers, email addresses, work information, etc.
This wealth of available information is related to the nature of the platform. LinkedIn users often choose, and understandably so, to share their information, including their personal or professional contact details. An unintended consequence of this is that criminals do not have to rely on information that may have been stolen or leaked years ago and some of which may no longer be current and accurate.
Instead, they can use web scrapers to collect all available information about their potential targets. They may then go on to commit identity theft or target users’ employers with business email compromise (BEC) scams or other social engineering attacks.
Among other things, web scrapers can:
- Create a list of employees in a company
Here, the offender only needs to configure the data collection software to access the target company’s “People” tab, resulting in an up-to-date list of employees. Obviously, LinkedIn users tend to keep their profiles up-to-date with their current job information.
- Compile a list of “supply chain targets” relevant to a company
Some criminals may go even further and review interactions on company social media posts to identify potential suppliers and partners, thereby gaining new high-priority targets or potential avenues to attack the supply chain of the main target.
What do you choose to publish?
In many cases, people’s information is publicly accessible or visible only within a user’s network of direct connections. The amount of available information can also vary:
- LinkedIn profiles that do not reveal any contact data outside the platform
By choosing not to share any contact information outside of the platform and your direct connections, you limit the amount of information that criminals can collect on you. Your full name, job title, and your company location will still be visible, of course.
- LinkedIn profiles that make their email address public
While LinkedIn users often share their personal contact information, some may also disclose their current corporate email address. Either way, this could allow malicious individuals to engage in more targeted interactions with their victims, as well as identify the typical email format used by the company (although this is clearly far from the only easy way to get that information).
- LinkedIn profiles that make phone numbers public
Some people may choose to disclose their phone number, for example in the hope that recruiters and employers will have an easier time contacting them for interviews or perhaps that it will facilitate easy communication with potential business contacts or clients. As with email addresses, however, this can lead to fraudulent calls, messages (aka smishing), potential misuse of data and privacy violations.
The nature of social networking, and of any platform, enables criminals to access some of our data online. However, there are several steps you can take to prevent criminals from accessing your most valuable information on LinkedIn:
- Configure your LinkedIn privacy settings
LinkedIn offers a variety of options to limit the information available outside of your circle of connections. You should apply the same types of steps to other social media sites, but they may be more important on LinkedIn. Check out our article on how to use LinkedIn safely, where we cover this and other aspects of staying safe on the platform.
- Limit the amount of information in your profile
As a social media platform, LinkedIn provides tools for networking and job searching, but consider prioritizing contact through the platform itself and avoid sharing external contact data.
- Do not accept connection requests indiscriminately
There are many bots and fake profiles on the platform, so check the legitimacy of every connection request before accepting it. Also be careful when responding to LinkedIn messages, especially if they ask for your personal information or send you links or attachments.
- Always review the list of your connections
Due to the prevalence of fake profiles, regularly review your list of connections and remove contacts that appear suspicious.
- Be careful about broadcasting your profile updates
You probably don’t need to constantly update your work status when your status changes and broadcast it to the world. Criminals can monitor such changes and can take advantage of your limited knowledge of the new work environment or situation to send you malicious emails or text messages.
To reiterate, be sure to check your profile’s privacy settings to control who can see your contact information and to minimize the risk of unwanted contact or privacy violations. LinkedIn is a valuable social media platform, but it’s important to strike a balance between networking and protecting your personal information.