How well does LinkedIn’s fraud protection work?

Grant Eldred is the Chief People Officer of the world’s largest law firm – Clifford Chance. I worked with him at the start of his career; he is one of the most professional people I have ever met.

Do you think he would be sending this message?

 

Grant Eldred 12:08 PM
Hi there,

I hope this message finds you well! We have a confidential project from Clifford Chance which we are presently taking on. We are 5 in team and It’s still in initial stages of follow up.

From your profile, We see your competences could be useful. kindly access this proposal via the extension below and advise.

(tinyurl.com/CLIFFORDCHANCEUK)

We look forward to your prompt and…. (you can guess the rest)

Well, I reported this nonsense as a phishing attack and suggested to LinkedIn that the account had been hacked. The link was live on the message and presumably had been sent to Grant’s connections (of which I was one).

Within 30 minutes of my report, LinkedIn had sent me this message.



This message was “not what I wanted to see”!

I wrote back to LinkedIn:

This account looks like it has been hacked and is being used for phishing – I have reported it to you and you see nothing wrong – I think you should be more vigorous

I got through to Grant and he confirmed that his account had been hacked and that LinkedIn were in the process of closing it down.

And only two hours after LinkedIn told me they saw nothing wrong with Grant’s hacked messaging, the account did come down.

But how many people clicked the link? How easy would it have been for me to click the link, having been told by LinkedIn that it did not violate any of its Professional Community Policies?

The LinkedIn Trust and Safety Team have been found wanting. How accountable are they?

If you want to change the standards of protection, why don’t you send LinkedIn customer support the link to this blog?

After all, if it can happen to the Chief People Officer of Clifford Chance, it could happen to you.


Case closed?

LinkedIn are good at these mails and they do at least give the impression that someone will look into matters (more than you get from Action Fraud). But the reality is that mails from a hacked account went out and no warning has been sent to those who received them. People will have clicked the link and may have suffered consequences.

Surely LinkedIn can and should do more where cases like this are brought to their attention.

About Henry Tapper

Founder of the Pension PlayPen, partner of Stella, father of Olly. I am the Pension Plowman

2 Responses to How well does LinkedIn’s fraud protection work?

  1. ConKeating says:

    I stopped using LinkedIn for a very long time after suffering a similar incident – I now use it only rarely – that was a few years ago – clearly they have not improved.

  2. Peter Beattie says:

    Henry. A ‘Link’ is a well-known trap on ALL Websites ‘professional’ or not. You cannot legislate for all eventualities and ‘common sense’ should always apply. Never send sensitive information via ‘a link on a Website’ – it could go anywhere and ‘absolute safety’ is a falsehood.
