My friend's LinkedIn account was hacked; are you vulnerable too? 🔐

Vinit ShahdeoVinit Shahdeo
6 min read

In today's interconnected world, online security plays a crucial role in safeguarding our personal and professional lives. Today, I want to share a personal story about my friend Sharmishtha, whom I've known since high school and consider part of my extended family. Her LinkedIn account was recently compromised in a targeted scam, leading us on a journey of resilience, recovery, and the power of collaboration in the complex realm of cyberspace. Imagine the consequences of a compromised LinkedIn account: the loss of one's valuable network, which holds substantial significance in today's world where connections are often equated with net worth.

"Your Network is Your Net Worth!" — A Book by Porter Gale.

It emphasizes the importance of protecting our online identity—keep reading, and you'll discover the harsh realities of cybercrime and its impact on individuals through our personal experience.

🔒 The Incident and The Unforeseen Consequences

It all started when she received what appeared to be a legitimate message from a recruiter on LinkedIn. Without suspecting any foul play, she clicked on a drive link that was shared, unknowingly triggering an executable file that ran on her system. This single moment of trust proved costly, leading to devastating consequences. Sharmishtha immediately reported the fraudulent account, but the damage had already been done. She found herself forcibly logged out of her LinkedIn account, with the attacker having changed her email ID. It became clear that the hacker had taken advantage of the initial compromise to gain control of her account, scamming others using her profile.

🔐 Safeguarding Sharmishtha's Compromised LinkedIn Account

As soon as Sharmi discovered the compromise, she reached out to me for help. Together, we took immediate action. First, we disconnected her device from the internet, cutting off the attacker's access. Simultaneously, we tweeted to LinkedIn's support account, seeking their assistance in recovering her compromised account. Thankfully, LinkedIn support acted promptly and temporarily suspended the account, preventing the attacker from further exploiting it.

🛡️ Strengthening Security Measures

Recognizing the importance of her digital presence, we emphasized the need for proactive measures. Advising her on safeguarding her privacy, we recommended covering her laptop's camera, changing passwords for all accounts, and enabling two-factor authentication (2FA) as an extra layer of defense against unauthorized access. Understanding the risks posed by saved passwords, we precisely removed them from her browser, particularly in Google Chrome. Additionally, we asked her to temporarily remove any sensitive documents from her laptop.

🚨 Assessing the Threat

We suspected the presence of a Remote Access Trojan (RAT) or keylogger and conducted a thorough investigation. Together with my trusted friend Shashank, a skilled security researcher, we carefully analyzed the suspicious file using tools like VirusTotal. Surprisingly, even with Microsoft Defender installed on her laptop, it failed to detect the virus, adding another layer of complexity to the attack.

A Remote Access Trojan (RAT) is a type of malware that grants unauthorized individuals remote access and control over an infected system. This gives attackers the ability to monitor activities, capture sensitive information, and carry out malicious actions without the victim's knowledge. In this case, if the executed file was a RAT, it could potentially access all of her files and folders, breaching personal data.

RAT Malware Explained

On the other hand, a keylogger is malicious software or hardware that records every keystroke on a compromised system. This means that passwords, usernames, and other sensitive information entered by the victim can be captured and sent to the attacker. The consequences of a keylogger are severe, including compromised personal data, identity theft, financial loss, and other cybercrimes. Given the potential risks, we recommended that she temporarily block her net banking and credit cards, ensuring we didn't underestimate the capabilities of the attacker.

🚧 Rebuilding Trust

To ensure a fresh start and regain control, we decided to reset Sharmishtha's laptop to its factory settings. This thorough process eliminated any remnants of malware or unauthorized access, providing a clean slate. Finally, we restored her device and reinforced security measures by installing reputable antivirus software, regularly updating software and applications, and maintaining a vigilant approach to identifying and addressing potential vulnerabilities.

Thankfully, LinkedIn successfully recovered Sharmishtha's account after she provided the necessary government ID proofs for verification. The process took three days, during which we anxiously awaited the outcome. My heartfelt thanks to Ishika and Kartikey for their assistance in amplifying our request to LinkedIn support. Finally, receiving the news of her account restoration was a moment of relief and celebration. We celebrated our collaborative efforts and resilience with a house party hosted by our close friend, Ratnesh, who is like a brother to me. He has been there for me since the day I met him! 🎉

Her LinkedIn account is recovered—in/sharmishtha-dash—and the picture below captures us in a celebratory mood, waiting for food to be served before we enjoy the party together!

Vinit Shahdeo in Bengaluru

🔑 Key Takeaways for Enhanced Online Security

Throughout this challenging journey, the expertise and unwavering support of my friend Shashank, a seasoned security researcher, proved invaluable. His presence added an extra layer of trust and collective mitigation steps to our efforts. Together, we established a dedicated space, working tirelessly side by side, leveraging our knowledge and skill sets to tackle the attack head-on.

Below are key learnings and steps to safeguard yourself:

  1. Enable Two-Factor Authentication (2FA): Your passwords aren't good enough—enable 2FA to add an extra layer of security to your online accounts. Whether it's for Instagram, LinkedIn, Twitter, GitHub, or others, 2FA adds an extra barrier against unauthorized access.

  2. Exercise Caution with Links: Be skeptical of suspicious or unsolicited links, especially from unknown sources. Think twice before clicking on them to avoid potential risks or phishing attempts.

  3. Beware of Executable Files: Avoid opening or executing any file unless you can verify its legitimacy and source. Scan it on the VirusTotal and share them with the security community.

  4. Regularly Update and Change Passwords: Protect your accounts by regularly updating and changing passwords. Avoid reusing passwords across multiple platforms for added security.

  5. Use Password Managers: Consider using reputable password managers like 1Password to generate and securely store complex, unique passwords, ensuring strong protection for your accounts.

  6. Keep Your Software Up to Date: Stay proactive in safeguarding your devices by regularly updating your operating system, applications, and antivirus software. Patching vulnerabilities is crucial in maintaining a secure digital environment.

  7. Be Mindful of Personal Information Sharing: Avoid sharing sensitive personal information on public platforms or with unknown individuals to prevent potential misuse.

  8. Educate Yourself about Cybersecurity Best Practices: Stay up-to-date with the latest cybersecurity trends, threats, and best practices. Educate yourself on reliable sources like cybersecurity-insiders to enhance your knowledge and protect yourself from evolving risks.

Passwords aren't good enough—enable 2FA!

In conclusion, our journey highlights the alarming reality of cybercrime and the importance of taking immediate action. Let us strengthen our defenses, share knowledge, and unite in creating a safer online environment. Remember, cybersecurity is a collective responsibility, and by staying proactive and informed, we can protect ourselves and others from the dangers of cyber threats.

Don't be lazy—enable 2FA across all your accounts and regularly update your passwords. Taking these simple but powerful steps is the least we can do to safeguard ourselves against such attacks.

12
Subscribe to my newsletter

Read articles from Vinit Shahdeo directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Written by

Vinit Shahdeo
Vinit Shahdeo

Another Software Engineer from India who adores JavaScript! Currently building integrations to help developers connect the APIs in Postman with their favourite tools and services. Say Hi on Twitter:)