• Home Insights Cyber Security: The social network where everyone’s been netted
29 Jul 2021

Cyber Security: The social network where everyone's been netted

By Stuart Slater

Social networks are one of the most common ways we communicate in the 21st century. We use them for entertainment, social interaction and even business. But with all the personal details we put on social media, how easy is it to use that information to manipulate somebody into doing something they shouldn’t? This is where phishing comes in…

Phishing

Well, it’s not to be confused with the activity of sitting in front of a lake for six hours in the pouring rain with nothing more than a rod and a net. Phishing is an attack performed by crafty criminals who attempt to trick a user into doing something they shouldn’t, such as visiting a dodgy website or downloading a malicious application.

There are many variations of types of phishing as well, which if referred to correctly will definitely impress your cyber security team:

  • Vishing
    An attack where an unsavoury character will call you up and ask for information about yourself, tricking you into providing personal confidential information. A common example of this is when you might get a call from somebody purporting to be from a certain large technology organisation’s support department, when in reality it’s a chap in a call centre with the aim of extorting money from you
  • Smishing
    Keeping on the same track as vishing, it involves your phone, however the method isn’t to call but to text message a user instead. A very common example that’s been in the news recently was the Royal Mail scam, where a group of individuals were sending messages to say a package was ready for delivery but required payment before collection

Why does all of this matter?

Well, we may be in for a tough ride over the next couple of months. As recently as March 2021, the National Cyber Security Centre reported that in the last 12 months 83% of businesses and 79% of charities have experienced a phishing attack.

Making matters worse, as of 27th June 2021, over 700 million LinkedIn records had been put on hacking forums and were being sold to anyone who wished to purchase them. What makes this different to other breaches is this is up-to-date and current data that was obtained as recently as this year. Often data breaches are a mixture of old records that aren’t relevant any more.

The one solace that we can take is that LinkedIn has said that no confidential information such as passwords has been stolen, however the following has:

  • Email addresses
  • Full names
  • Phone numbers
  • Physical addresses
  • Geolocation records
  • LinkedIn username and profile URL
  • Personal and professional experience/background
  • Genders
  • Other social media accounts and usernames

How was this data obtained?

It turns out the data was obtained using the publicly available LinkedIn API (a method where two different programs can talk to each other). This isn’t the first time this has happened either – a data leak using the same method occurred back in April 2021.

And for those wondering, I have confirmed that my own data has been leaked, and I am sure that given an estimated 92% of LinkedIn’s user base are affected, you may well be reading this and wondering whether you’re affected too.

So how do I find out if it’s been leaked?

The first thing to do is check the LinkedIn Data Breach Checker set up by CyberNews.

The second step is to check HaveIBeenPwned, a website that allows you to check your email address or mobile number across years’ worth of data breaches and see what information was leaked.

Once you’ve done both of those things, I would change your password on any affected accounts and the associated email addresses. If there is the ability to turn on multi-factor authentication (MFA/2FA) then do so.

What can I do to protect myself as an employee?

A common mantra used in cyber security is that humans are the first line of defence against attackers, but they’re also often the most vulnerable if not trained properly. Request from your employer any cyber awareness training that is available to you, and if not, check websites like the National Cyber Security Centre to find top tips on how to secure yourself from attackers.

Get in touch

Related insights

Landwise: farming and estates magazine

23 April 2026

Read

Employee share awards – let’s talk about tax valuations

23 April 2026

Read
PKF Francis Clark colleagues celebrating our B Corp certification at Bristol harbourside

PKF Francis Clark is now a Certified B Corporation™

21 April 2026

Read
Two colleagues chatting whilst walking from a meeting room.

Does your law firm need to register as a tax adviser with HMRC?

20 April 2026

Read
Three individuals in business attire are seated around a table, engaged in a discussion while looking at a laptop and holding documents with charts.

Pillar 2: What you need to know before 30 June 2026

15 April 2026

Read
business people sit around a table and one, a man stands talking, they are in a modern office and all wearing smart suits

Our response to the key elements of the latest SRA consultation

15 April 2026

Read
A coffee shop worker fills in paper work while sated at a high bar.

R&D claim notification form deadlines: When and how to submit

14 April 2026

Read

From employee to partner: What new law firm members need to know

14 April 2026

Read
One man tests out his latest technological innovation while a second man writes down the data.

Contracted out R&D vs externally provided workers: understanding the key differences

13 April 2026

Read
Nick Harris in a suit and open necked shirt

Nick Harris and Lucinda Coleman appointed liquidators of Troax Lee Manufacturing Limited

9 April 2026

Read
Audit partner Mike Hall at Bristol harbourside

International audit specialist promoted to partner at our growing Bristol office

9 April 2026

Read
A casual business meeting between three people

Common EMI questions we see in practice

7 April 2026

Read