
Should You Accept LinkedIn Invites from Strangers?

Dann Albright 08-07-2016

A recent survey, reported in SC Magazine, found that 24% of surveyed LinkedIn users have connected with people they didn’t know on the professional social network, despite LinkedIn’s repeated warnings not to do so. Why is this an issue?


Because LinkedIn can be a vector for spear-phishing and other types of attacks.

Never thought of it that way? Neither had the 69% of survey respondents who hadn’t considered that some of the people they’d connected with via LinkedIn might not actually be real people. The results of this survey are worrying, and it’s time to review some good LinkedIn security practices.

Not Always So Professional

While the majority of interactions that take place on LinkedIn are professional in nature — making connections, finding mentors, looking for jobs — it can also be used as a platform to launch attacks against unsuspecting victims. LinkedIn is a good platform for this partly because people are often unsuspecting. If you get a direct message on Twitter with a job offer, you’d be immediately suspicious. But if you got one on LinkedIn, you might be intrigued enough to look into it.


Many people don’t place a whole lot of faith in strangers on Facebook and Twitter, and for good reason; there’s no way to know who it actually is. The same is true on LinkedIn, but because it’s seen as a professional network, the number of connections that a person has can be perceived as their reputation or veracity, especially if that person is connected to people you know. When you think about it, this doesn’t make much sense, because if you’re connecting with people you don’t know, why wouldn’t your colleagues and connections?


This easy mistake seems relatively harmless, but it could be very damaging if the person you’re connecting with is a scammer or malware distributor.

How You Can Be Attacked on LinkedIn

There are a number of ways that you could potentially be victimized on LinkedIn, and some are more likely to show up than others. LinkedIn is a great platform for highly targeted social engineering and spear-phishing attacks, because users post so much information about themselves that’s available to their connections. Job history, education, organizations you’re a part of, people you know, and a lot of other personal information is encouraged on LinkedIn, and all of those things can be used to target you for an attack.

Of course, as with most emails and messages, there’s always the possibility of being sent a malicious link that will download malware to your computer. All it takes is one click and the right (or wrong) browser security settings, and your computer could be hit.



More platform-specific threats are also present. For example, you might receive a message that says you’ve been selected for a year of free LinkedIn Premium; it could include a username and password box for you to fill out to receive your free upgrade. But when you enter that information, it will be sent back to the sender, delivering your login credentials to a complete stranger: a scammer.

Other scammers will encourage you to get in touch with them outside of LinkedIn, potentially leaving you open to email-based attacks that could result in you giving up valuable personal information.
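A fake "free Premium" login box only works if it is hosted somewhere other than LinkedIn, so the link in the message is the thing to check before typing a password. The sketch below is an added example, not part of the original article: it assumes that `linkedin.com` is the only domain that should ever see your LinkedIn password, and the sample messages and `.example` hosts are constructed.

```python
import re
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "linkedin.com"  # assumption: only domain that should get the password
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Fold characters commonly swapped in lookalike names (1 and i -> l, 0 -> o).
FOLD = str.maketrans({"1": "l", "i": "l", "0": "o"})
BRAND = "linkedin".translate(FOLD)

def classify_link(url):
    """Return 'trusted', 'lookalike' or 'untrusted' for one link."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "untrusted"
    host = (parts.hostname or "").rstrip(".")
    on_domain = host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)
    # Text before '@' is userinfo, not the site: https://linkedin.com@other.example
    if on_domain and parts.scheme == "https" and parts.username is None:
        return "trusted"
    if on_domain:
        return "untrusted"  # right domain, but plain HTTP or unexpected userinfo
    decoy = (host + "@" + (parts.username or "")).translate(FOLD)
    return "lookalike" if BRAND in decoy else "untrusted"

def review_message(text):
    """Map every link found in a message to its classification."""
    links = (u.rstrip(".,)") for u in URL_RE.findall(text))
    return {u: classify_link(u) for u in links}

# Constructed sample messages (not real traffic).
SAMPLES = [
    "You were selected for a year of free Premium! Confirm here: "
    "https://www.linkedin.com.premium-offer.example/login.",
    "Claim your upgrade at https://linkedin.com@login.example/upgrade",
    "Manage your subscription at https://www.linkedin.com/premium/",
]

def review_samples():
    return [review_message(m) for m in SAMPLES]

if __name__ == "__main__":
    for result in review_samples():
        for link, verdict in result.items():
            print(f"{verdict:10} {link}")
```

A `lookalike` verdict means the link borrows the LinkedIn name without being on the LinkedIn domain, which is the pattern the fake upgrade message relies on.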

Staying Safe on LinkedIn

Obviously, the best thing you can do is to never connect with someone you don’t know, but that may not be an optimal strategy for you. Maybe you try to make connections within your field, or you’re looking to get in touch with someone at a specific company, and you want to use LinkedIn to do it.

If you do decide to connect with someone that you don’t know, it pays to do your research. Look closely at their profile and see if they look like a legitimate professional. If their profile is full of irrelevant information and spelling errors, you should deny the request. If anything just looks off, don’t connect.


Once you’ve decided to connect with someone, you may want to do a bit of research outside of LinkedIn first. Go to your potential contact’s employer’s website and see if they’re in the staff list. Google their name to see if it’s one that’s been associated with scams in the past. See if you can find social profiles on other networks and if they show any warning signs.

If you’re communicating with someone and they ask for your email address, or for a way to get in touch with you outside of the LinkedIn messaging system, be very careful about agreeing. In some cases, it might be necessary or a good idea, but don’t just give out your contact information to anyone who asks. Remember, that’s the first step in a targeted spear-phishing or social engineering attack.

It’s also a good idea to update your privacy settings. For example, you may not want to share your list of connections with everyone, as that can be valuable information for an attack. Many of the other settings in the Privacy tab can also be optimized for increased security by reducing the amount of information you share.



In general, you’ll just want to follow the standard security and privacy practices that we recommend for email when you’re dealing with InMail. Don’t give out any more information than you absolutely need to, make sure you know who you’re in contact with, and always be a little suspicious. If you keep those tips in mind, you’ll be fine.

Use Common Sense

No matter how you use LinkedIn, you can almost certainly make it a little more secure by using some common sense and remembering that LinkedIn, like any other social network, can be used for spear-phishing and social engineering attacks. You probably won’t be targeted, but why take the chance? Be a little more discerning about who you connect with, and you’ll be much safer.

Are you worried about scammers on LinkedIn? Or do you connect with anyone who sends you a request? We want to hear about it in the comments below!


  1. Anonymous
    July 12, 2016 at 5:50 pm

    Do Not Give/Accept Recommendations/Endorsements To/From People Without A Photo/You Do Not Know Personally.

    If You Have Made A Mistake, Correct It As Soon As Possible ( Editing Features Are Sometimes Hidden, But They Exist ).

    Keep All Folders Free Of Spam, Especially The Annoying Pending Invitations Above ( Gotcha ).


    • Anonymous
      July 12, 2016 at 5:55 pm

      Also, To Help Organize Connections, Take Advantage Of The Tagging Features.


    • Dann Albright
      July 13, 2016 at 8:08 pm

      Yeah, giving recommendations to people you don't know isn't a good idea either. Not sure if it's a security risk, but it almost certainly won't do you any good from a networking perspective!

      • Anonymous
        July 14, 2016 at 3:11 am

        Thank You For Responding.