Users should treat messages on LinkedIn with caution, even when they originate from known contacts (who may have been infected). The existence of any potential role should be verified outside LinkedIn. The ease with which malware actors can create websites representing bogus employers should be noted.
No job offer should involve the download or execution of files. A legitimate recruiter shouldn’t require this.
Seemingly familiar platforms such as Google and Dropbox should not be treated as a mark of trustworthiness. The presence of an apparently trusted domain doesn’t indicate safety.
It’s worth LinkedIn users regularly reviewing any active sessions via LinkedIn settings and terminating any sessions that appear unfamiliar. Logins from distant or anomalous locations should be treated as indicators that an account has been compromised.
Multi-factor authentication using a hardware security key should be used wherever possible; this won’t prevent session hijacking, but it reduces the likelihood of compromised credentials. LinkedIn supports software passkeys.
If compromise is suspected, users should reset LinkedIn passwords and revoke all sessions.











