Users should treat messages on LinkedIn with caution, even when they originate from known contacts (who may have been infected). Verification of the existence of any potential role existence should occur outside LinkedIn. The ease with which malware actors can create websites representing bogus employers should be noted.
No job offer should involve the download or execution of files. A legitimate recruiter should not require this.
Apparently common platforms such as Google and Dropbox are not a mark of trustworthiness. The presence of an apparently trusted domain does not indicate safety.
It’s worth LinkedIn users to regularly review any active sessions via LinkedIn settings, and terminating any sessions that seem unfamiliar. Logins from distant or anomalous locations should be treated as indicators that an account has been compromised.
Multi-factor authentication using a hardware security key should be used wherever possible – this won’t prevent session hijacking, but it reduces the likelihood of compromised credentials. LinkedIn supports software passkeys.
If compromise is suspected, users should reset LinkedIn passwords and revoke all sessions.
