Two days ago I experienced something I didn't think I would ever experience, identity theft and a hack of my LinkedIn profile. I want to share with you the journey that I went through to reclaim my identity and to get the hacker out of my system. This can happen to anyone, so I think it's important that I share with you the steps that I took.
How it all happened
I was winding down for then night when I received an email from LinkedIn telling me that an additional e-mail address had been added to my LinkedIn account. Confused by the email I went to login to my account but discovered that I lost all access to my LinkedIn profile. Within seconds, the hacker had edited my profile – removing my work email and my mobile phone. I lodged a support ticket with LinkedIn that can be found on their help page here My account has been hacked. From there it took me six hours of back and forth communication with the US LinkedIn security team to prove to them who I was and gain access to my account. Once I got that resolve and LinkedIn recognise my personal details, I was able to get back into my profile and I immediately changed my password and added extra security to my account.
Add two-step verification to your account.
More damage done
Interestingly enough, although I had access to my profile and I could email my clients and contacts, I noticed something really strange happening in my in-mail. I noticed all these in-mails were going out with a viral download that said “Hi, I'm sending you this PDF…” (It was some form of the Stock share plan). I could see these messages going out to 10, 20, 30, 40, 50 people. I tried to respond saying, “Hi, this is a spam – don’t respond!” But as I was sending these messages, I noticed that someone was deleting the e-mails as I was sending them!
That’s when I realised – Oh my god, my account is still open! Even though I had regained access to my account – the hacker still had access. The hacker was actually still in my account and emailing on my behalf. I could see messages coming into me like, “Hi Stella, is this a hoax or am I right to download?”, and the hacker would respond to them saying, “No, no download. Go ahead. It’s safe. Cheers Stella.”
The mistake that caused more damage
One very important thing that LinkedIn failed to do was to tell me that I needed to clear or cancel all open sessions on my profile.
I'm really disappointed with LinkedIn. They have really failed me in this area. My LinkedIn profile was open to the hacker (even though I could access it) for 10 hours. They did 10 hours’ worth of damage and that was unnecessary. Had LinkedIn told me that all I needed to do was clear all the active sessions of my profile, a lot of additional damage could have been avoided. There was a session open in Western Australia, that's where the hacker was. Once I cleared that session, that person whoever it was, was out and I was able to reclaim full control of my LinkedIn account.
Make sure you regularly end any sessions you have open.
Where to from here and the learning for you.
Step 1 - Don't download any files that look funny – that might seem obvious but remember, these files might be coming from someone you trust. Someone you are “speaking” too in real time!
Step 2 - Put a two-step security verification on your LinkedIn account. It's really easy for people to hack in and change your email address and delete your mobile phone number when you don’t have two-step verification set-up. A two-step verification means that a text message verification will come to your phone number when you login or make changes to your account. This is actually an important security measure for all your accounts like for example Facebook or your Google profile.
Step 3 - Change your password and don't leave your LinkedIn consistently logged in.
Step 4 - Periodically clear sessions from the back-end.
I hope you found this blog informative and if the virus sent by me has impacted you in any way I do apologise.
Can we send you an email?
Join more than 5,000 other smart finance professionals by signing up to our newsletter. You'll get a monthly email with new blog posts, job news, views, and insider tips. Don’t miss out on this valuable advice!