CEO scams, LinkedIn, and you

October 25, 2022
Victoria Lam

We get it: you might need to use LinkedIn for job searches, networking, or directly for your work. 💼

But it also gets used by scammers to collect information useful for social engineering attacks. 💀

If you’ve noticed a big uptick in scam emails, phone calls, and text messages in the past few months, you’re not imagining it — we’ve noticed it, too. 📈

And as we’ve added new members to our team, one particular type of scam has caught our eye: CEO impersonation scams. 👩‍💼

CEO impersonation scams are a type of social engineering attack designed to gain money from the attack’s target or the the target’s employer. The targets of these scams are usually new employees, who are less familiar with their new organization’s structure. The scammers contact the employee over text or email pretending to be the CEO or another leader in the company with an urgent request.

Scammers and fraudsters manage to find out about people’s new employment shockingly quickly. One of the tools they use to find out about new hires is LinkedIn.

How LinkedIn is used

For some people, being easy to find and active on LinkedIn is important for their work. For others, having a strong LinkedIn profile is necessary to stand out in a competitive job market. Whether you use LinkedIn every day or you haven’t thought about your profile in years, your LinkedIn profile and the personal information you provided when you made it might be accessible to others.

Usually, the people who use your LinkedIn profile to contact you are salespeople, recruiters, or others with outward facing roles. They combine LinkedIn with other tools and contact databases to figure out your contact information and get in touch. While it’s annoying to have your inbox clogged by spam, it’s not dangerous — but that can change quickly when people with bad intentions use those same tools.

Scammers and fraudsters can use these tools to send emails and text messages, such as phishing attacks or messages for the CEO impersonation scam we mentioned before. In the worst case, attackers and harassers can use these tools to find your contact information for their harassment campaigns.

LinkedIn offers a lot of granularity in their “visibility” settings, so you don’t have to lose the benefits of your public LinkedIn profile to protect yourself. Below, we’ll show you how to restrict access to your information on LinkedIn so that scammers and strangers don’t flood your inboxes.

Protect your information on LinkedIn

Before you get started adjusting your LinkedIn settings, you should be familiar with some basic terms: When you connect with someone on LinkedIn, LinkedIn calls those people “1st degree connections.” People you aren’t connected to directly, but with whom you share some mutual connections, are called “2nd degree connections.” In more familiar terms, your LinkedIn “friends” are called 1st degree connections, and “friends of friends” are called 2nd degree connections.

When you’re adjusting your settings, your risk level will help you decide how protected you’d like to be. If you’re at high risk of experiencing online attacks and harassment or have been targeted for scams and phishing attacks lately, you might choose to restrict some or all of your information’s visibility to the most protected options: “Only visible to me” or “1st degree connections”. If your risk level is lower, choosing the option “1st degree or 2nd degree connections” lets you keep some of the benefits of a more widely visible account while still limiting how much of your information is shown to strangers. And finally, the option “Anyone on LinkedIn” allows anyone signed in to their LinkedIn account to view your information.

Opt out of sharing your LinkedIn profile with third party apps.

Your profile settings may allow LinkedIn to directly share your profile information with third party services and applications. This allows LinkedIn to share user data in bulk with business contact databases and other services. To opt out, adjust your LinkedIn data sharing settings here.

Adjust your public LinkedIn profile’s visibility.

Your public LinkedIn profile is what people who aren’t signed in to LinkedIn see when they look at your profile. Usually, they find your profile with the help of a search engine like Google. By adjusting your public profile’s visibility settings, you can control what parts of your LinkedIn profile these strangers can see. You can even choose to keep them from viewing your LinkedIn profile at all by switching your profile’s public visibility to off. Adjust your LinkedIn profile’s public visibility here.

Restrict who can access and export your email address.

In your visibility settings for your email addresses, you’ll be able to control who can see your email address. To keep your contact information from being added to business contact databases, we recommend against having your email addresses visible to “Anyone on LinkedIn.”

At the bottom of this page, you’ll see a setting called “Allow connections to export emails”. Toggle this setting to the off position to prevent your information from being exported to third party tools and contact databases.

Restrict who can find you using your email address.

Depending on your visibility settings, strangers who have found your email address might be able to use that information to find your LinkedIn profile. Business contact databases often maintain applications or browser extensions that help automate this process using their database of contact information. To limit who can use your email address to find you on LinkedIn, adjust your ”Discover by email” settings here.

Restrict who can find you using your phone number.

Your visibility settings may also allow strangers to use your phone number to find your LinkedIn profile. Just like with your email address, business contact databases help automate this process using their database of contact information. To limit who can find your profile using your phone number, adjust your “Discover by phone” settings here.

Review your other visibility settings on LinkedIn.

In this blog post, we’ve highlighted the most important settings for keeping scammers and fraudsters from taking advantage of your LinkedIn account — but LinkedIn has many more options for controlling your profile’s visibility. Reviewing all the options can feel overwhelming, but if you’re feeling the LinkedIn energy, it’s great to know who can see what you share on LinkedIn. You can review your other LinkedIn visibility settings here.

Check in with yourself.

While taking steps to make your information harder for scammers to find will decrease the amount of scams targeting you, you’ll probably still receive some scam messages and phishing attacks. You can protect yourself from stray suspicious messages and calls when you receive them by checking in with yourself. Ask yourself if the message or call is designed to make you feel anxious, hurried, stressed, or afraid. If it is, it might be a scam.