29 Jul 2021

Cyber Security: The social network where everyone's been netted

By Stuart Slater

Social networks are one of the most common ways we communicate in the 21st century. We use them for entertainment, social interaction and even business. But with all the personal details we put on social media, how easy is it to use that information to manipulate somebody into doing something they shouldn’t? This is where phishing comes in…

Phishing

Well, it’s not to be confused with the activity of sitting in front of a lake for six hours in the pouring rain with nothing more than a rod and a net. Phishing is an attack performed by crafty criminals who attempt to trick a user into doing something they shouldn’t, such as visiting a dodgy website or downloading a malicious application.

There are many variations of phishing as well, which, if referred to correctly, will definitely impress your cyber security team:

  • Vishing
    An attack where an unsavoury character will call you up and ask for information about yourself, tricking you into providing personal, confidential information. A common example of this is when you might get a call from somebody purporting to be from a certain large technology organisation’s support department, when in reality it’s a chap in a call centre with the aim of extorting money from you.
  • Smishing
    Along the same lines as vishing, smishing involves your phone; however, the method isn’t to call but to send the user a text message instead. A very common example that’s been in the news recently was the Royal Mail scam, where a group of individuals were sending messages to say a package was ready for delivery but required payment before collection.

Why does all of this matter?

Well, we may be in for a tough ride over the next couple of months. As recently as March 2021, the National Cyber Security Centre reported that in the last 12 months 83% of businesses and 79% of charities have experienced a phishing attack.

Making matters worse, as of 27th June 2021, over 700 million LinkedIn records had been put on hacking forums and were being sold to anyone who wished to purchase them. What makes this different from other breaches is that this is up-to-date, current data that was obtained as recently as this year. Often data breaches are a mixture of old records that aren’t relevant any more.

The one solace that we can take is that LinkedIn has said that no confidential information such as passwords has been stolen; however, the following has:

  • Email addresses
  • Full names
  • Phone numbers
  • Physical addresses
  • Geolocation records
  • LinkedIn username and profile URL
  • Personal and professional experience/background
  • Genders
  • Other social media accounts and usernames

How was this data obtained?

It turns out the data was obtained using the publicly available LinkedIn API (an interface that lets two different programs talk to each other). This isn’t the first time this has happened either – a data leak using the same method occurred back in April 2021.

And for those wondering, I have confirmed that my own data has been leaked, and I am sure that given an estimated 92% of LinkedIn’s user base are affected, you may well be reading this and wondering whether you’re affected too.

So how do I find out if it’s been leaked?

The first thing to do is check the LinkedIn Data Breach Checker set up by CyberNews.

The second step is to check HaveIBeenPwned, a website that allows you to check your email address or mobile number across years’ worth of data breaches and see what information was leaked.

Once you’ve done both of those things, I would change your password on any affected accounts and the associated email addresses. If there is the ability to turn on multi-factor authentication (MFA/2FA) then do so.

What can I do to protect myself as an employee?

A common mantra used in cyber security is that humans are the first line of defence against attackers, but they’re also often the most vulnerable if not trained properly. Ask your employer for any cyber awareness training that is available to you, and if there isn’t any, check websites like the National Cyber Security Centre to find top tips on how to secure yourself from attackers.
