LinkedIn Data Breach Results in Phishing Scams
Anyone who’s familiar with the popular “professional world” social media site LinkedIn has probably already heard the news of their data breach. Hackers reportedly gained unauthorized access to millions of user names and passwords; this is slightly more alarming than a typical credit card breach due to the fact that LinkedIn users are representing their professional lives on the site. The potential for harm to their businesses and their reputations is quite real.
Before anyone gets too worried, though, remember…this breach happened four years ago. But there have been new revelations about the data that was accessed in that breach. Data that was stolen back in 2012 has now appeared online for sale, meaning someone is still attempting to use and profit from the personal profiles.
This has prompted the company to urge its users to change their passwords again, just to be on the safe side. Again, it’s not a new breach, but rather a new use for old information. LinkedIn isn’t taking any chances, though, and they’ve emailed the affected users to remind them to take certain steps. The company has also said it’s a good idea for everyone to change their passwords, affected by the breach or not, just to be on the safe side.
There are two highly important takeaways from this whole situation. The first should actually be common sense: once a thief has stolen your information, it’s not a once-and-done deal. This is why Social Security numbers are so much more lucrative than credit card numbers, for example. Credit card numbers can be changed or even just expire on their own, but Social Security numbers can net a thief a big profit for years to come. If there is a way to use stolen information more than once, you can bet a thief will do it.
But the other very important truth in any situation like this is the potential for scams. Phishing emails have already begun to circulate, piggybacking off the headlines associated with the LinkedIn announcement. Recipients are being told to click the link to reset their passwords, which will undoubtedly install harmful software like viruses on their computers.
The genuine LinkedIn warning email contains no link. It simply offers an explanation as to what happened, and then lists the steps users should take. The first step is to go to LinkedIn.com on their own and change their passwords. Again, there is no “click here” link in the genuine email, mostly because you should never, ever click an unsolicited link that you receive. (It’s also fun to point out that the scammers in the phony LinkedIn emails aren’t even trying…they didn’t even capitalize the name of the company.)
Remember, anytime there are headlines for a major event—a natural disaster that leads to phony charity scams, a specific news story that expects the public to take action, or even reports of a data breach that urge consumers to be watchful of their accounts—scammers will do their best to take full advantage. Keep a close watch on your emails, social media messages, and other anonymous sources of communication in order to avoid being scammed.
Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.