Only twice in my time on the LinkedIn platform have I ever written anything that achieved a large circulation and multiple shares.
The first was back in 2017 when I suggested that a big recruiting event that I was attending was, in fact, crap.
The second was last week when I wrote a couple of paragraphs* about LinkedIn being used to deliver what I now know are spear phishing attacks. It appears that LinkedIn is well aware of the issue and shut down the attacks on me pretty much as soon as I reported them. However, others pointed out that given how much professional users (including me) pay for LinkedIn you might think that they would try to make sure that malicious users never get inside the site in the first place.
On doing more legwork it turns out that knowledge-based targeted fraud through professional platforms is a huge issue. If organised crime doesn’t worry you enough then warnings to citizens from the U.S. National Counter-Intelligence and Security Center, France’s DGSI/DGSE, the UK’s MI5 and Germany’s BfV about highly organised attacks against major businesses and prominent individuals over the last five years by the Chinese intelligence services should make sure that you don’t sleep very well tonight.
It’s not just LinkedIn of course, Google, Facebook, really just about any social media platform you can think of, has been used maliciously by some very bad people indeed.
Now, given what I do for a living, I have a strong professional interest in making sure that people not only trust me but also trust any communications from me – especially the ones where I introduce myself for the first time. It matters a great deal that nobody for one moment thinks I am a bad actor and that my various accounts are not compromised.
Given that I’m 55, failed Higher Maths in 1980 and don’t work for GCHQ, I can’t really offer much in the way of technological solutions to these problems.
What I can do though is point out some things about me and my various business and personal profiles that might help prove that I am what I say I am and that could conceivably be useful to you.
First off, my LinkedIn profile: I’ve deliberately made it as different as the rules allow. For instance, the background picture is mine so if you search it on Google you won’t be directed to a stock photograph. Also if you see my profile picture change to one of a man in a suit I’ve been hacked. The rubbish that I post is all original – I rarely share articles. Someone pointed out the other week that my content always sounds “Ivorish”. As a bonus, it turns out that LinkedIn’s algorithm rewards original content and graphics, so there is that too.
Second up, there’s a Twitter site belonging to me that you can find quite easily. It’s not safe for work, talks about politics and other controversial stuff and is blocked by some quite important people. It is definitely mine though. Once again it has original graphic content and you can connect it back to my LinkedIn profile and verify that the same person is the author of both.
The third thing is our website – the place that you came to read this blog. If you take some time to look around (and you should) you can see that we are wilfully different – no pictures of middle-aged men in suits or generic scientists looking down generic microscopes. I confess that for reasons of design we had to use stock images in this first draft of our website – through the course of the next few months many of the stock images will be replaced by original material. Most blog articles, this one included, are now illustrated with my own pictures. Once again I don’t copy material for my blog – it’s all written by me at the moment. Fresh copy and original graphics are well rewarded by Google’s algorithm too. Prints of the pictures are also available if you really like them.
In summary, it wasn’t the strategy at the start but it most certainly is the strategy now to make sure that my online presence has a “fingerprint” that clearly shows the author in a way that is difficult to copy. Unpleasant people might be able to reproduce some of it but I doubt they could imitate it all.
As many of you know, I spend a lot of time travelling to meet clients and potential clients and droning on to them in person. Not only does nearly 20 years of doing this in medical technology help me sound like I know what I talking about (I actually do know what I’m talking about by the way) it also means that there are people out there who know me that you can call who will confirm that I’m not the product of a Russian troll farm.
I’m genuinely interested to hear if anyone else has any hints and tips that they can safely divulge that might stop others from being caught out.
Don’t have nightmares now…
If you are unaware of spear phishing this article is as good a primer as any: https://searchsecurity.techtarget.com/definition/spear-phishing