Is something fishy going on with LinkedIn?

DigDog

4h ago I got an email stating that my profile photo got changed on LinkedIn (by someone in the US).
The email looks legit and has got some hyperlinks that lead to the Li website, but when I try to check my profile on the web / PC, I've been logged out and my password isn't recognized.
I tried the Android app, that doesn't even launch!

Password reset seems to have done the job and, well, my profile pic is gone. Nothing else seems out of place.
 

mikeymikec

Check that unexpected recovery methods haven't been set up on your account.

I don't know what else LinkedIn has, but I was helping a customer unscrew their FB account after a compromise and I found that the attacker had encrypted the customer's private messages, a problem for which the website claims to have a web-based solution but it doesn't actually work. FB phone app ftw.

Using the phone app, it warned me that the customer would lose access to all their messages if a reset on the encryption was performed, we did it anyway and apparently no messages were lost. Maybe only those sent by the scammer using the customer's account?

Enable 2FA?
 

dank69

Do you work for a valuable target? Someone could be trying to social engineer their way into your employer's networks.
 

DigDog

> Do you work for a valuable target? Someone could be trying to social engineer their way into your employer's networks.

Not really, no. Or rather, we are (on one of the various) Fortune 500, but I am a very low-ranking employee, and my personal account is worthless in that, because we have our work-only accounts (which I don't use). I am also nowhere near a department that makes payments because - wisely - these are isolated from the operations department.

I can see that a password may get hacked via brute force, maybe it's just a bot testing penetration protocols, but that it happens twice in a row, the only damage is my photo has been removed, and the second time it happened *after* I changed my password. No messages were sent to anyone.
I ran a Windows security scan in safe mode with 0 threats.
 

DigDog

I just got an email from Twitter ("X") that I got suspended for "trying to circumvent suspension".
I haven't used Twitter in, idk, 2 years.
I don't think I even have a password, Brave doesn't store my X login. If - let's assume - I have a keylogger - it would have needed to be there for 2 years.
 

compcons

Secondary recovery options may also be compromised or the options got changed by the attacker. FB has codes buried in your profile to use to unlock your account. LI may be similar.

You may be a "nobody" but you are connected to "somebody" who might click on links or converse with your LinkedIn profile. Then that account is compromised until they get to someone important.

If necessary, start a conversation with LinkedIn support directly. Even if you don't give a rip about your account I would suggest that you resolve this. Imagine how pissed your CEO will be when they find out the financial fraud was started with your unused LI account. May not be your fault, but does some exec who got care about your "excuses"?
 

compcons

> I just got an email from Twitter ("X") that I got suspended for "trying to circumvent suspension".
> I haven't used Twitter in, idk, 2 years.
> I don't think I even have a password, Brave doesn't store my X login. If - let's assume - I have a keylogger - it would have needed to be there for 2 years.

I assume the email was the threat. Investigate the latest sender and you will probably find out it may look like it came from x but did not. Only the last part of the URL ending with the TLD is valid. You can create a www.twittwr.com/someothergibberishthatistwohubdredcharactwrslong/crap/fakestuf.badguydomain.org/youarefucked. The hosting domain is badguydomain.org but doesn't show that when you check from a mobile mail client. I got one of those from xfinity last week.
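
An added example (not from any poster in this thread) of checking where a link in a notification email really points: the host is whatever sits between the scheme and the first slash, after any `user@` part, and it has to equal the expected domain or be a subdomain of it. The sample URLs are constructed; `badguydomain.org` is reused from the post above as a placeholder, and the function names are hypothetical.

```python
from urllib.parse import urlsplit


def link_host(url: str) -> str:
    """Return the hostname a client would actually connect to, lowercased."""
    # Links copied out of mail bodies often lack a scheme; add one so that
    # urlsplit() treats the first component as the network location.
    parts = urlsplit(url if "://" in url else "https://" + url)
    # .hostname drops any "user:pass@" prefix and the port.
    return (parts.hostname or "").rstrip(".").lower()


def belongs_to(url: str, expected_domain: str) -> bool:
    """True only if the link's host is expected_domain or one of its subdomains."""
    host = link_host(url)
    expected = expected_domain.lower()
    # The leading dot matters: "notx.com" ends with "x.com" but is unrelated.
    return host == expected or host.endswith("." + expected)


# Constructed sample links of the kinds seen in notification emails.
SAMPLES = [
    "https://help.x.com/en/account",          # genuine subdomain
    "https://x.com.badguydomain.org/reset",   # brand used as a subdomain label
    "https://badguydomain.org/x.com/login",   # brand only in the path
    "https://x.com@badguydomain.org/login",   # brand in the userinfo part
    "https://notx.com/verify",                # suffix match without a dot
    "www.twittwr.com/account",                # lookalike spelling, no scheme
]


def audit(urls, expected_domain):
    """Return (url, real_host, is_expected) for every link."""
    return [(u, link_host(u), belongs_to(u, expected_domain)) for u in urls]


if __name__ == "__main__":
    for url, host, ok in audit(SAMPLES, "x.com"):
        print(f"{'OK     ' if ok else 'SUSPECT'}  host={host:<28} {url}")
```
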

DigDog

> I assume the email was the threat. Investigate the latest sender and you will probably find out it may look like it came from x but did not. Only the last part of the URL ending with the TLD is valid. You can create a www.twittwr.com/someothergibberishthatistwohubdredcharactwrslong/crap/fakestuf.badguydomain.org/youarefucked. The hosting domain is badguydomain.org but doesn't show that when you check from a mobile mail client. I got one of those from xfinity last week.

Came from notify@x.com