How to avoid your LinkedIn Account being hacked

What would happen if you lost access to your LinkedIn account and it was available to someone with malicious intent? Here’s a simple step-by-step guide to using LinkedIn’s own security tools to reduce the likelihood of that happening, and to make sure your account is fully secure…

Step 1: Add your mobile number

This is the fast, simple and secure key to ensuring you, and only you, can access your LinkedIn profile – because it’s likely you are the only person with access to your mobile phone.

First, log in to LinkedIn, and then click on your little profile photo at top right to access your security settings – shown below.

Figure 1: Go to the ‘Privacy & Settings’ page on LinkedIn

Now you’ll see the simple options to add a phone number, and also check what devices are logged in and where, which we’ll cover in Step 2.

A shortcut to get here (once you’re logged in) is: https://www.linkedin.com/settings/

Figure 2 shows the screen of information you will see after you’ve clicked through on Privacy & Settings:

Figure 2: Click through (1:) as shown here to add a phone number to your LinkedIn account

Once you’ve clicked through to Add/Remove Phone numbers (1: in red above), Figure 3 shows the screen of information you need to complete to add a phone number:

Figure 3: Adding a Phone number to LinkedIn requires you to re-enter your LinkedIn password

You’ll then be prompted to enter a security code, which will be sent to you via an SMS message to the phone number you’ve just added to LinkedIn. Once you have verified your mobile number by entering this security code, your mobile will be registered to your LinkedIn account. You’re done.

What this means is that, in future, you’ll need to enter a verification code sent to your mobile number whenever you try to access LinkedIn from a new device – for example your phone or tablet, or a home computer – or from a new location if you’re travelling.

If anyone else tries to access your LinkedIn account, you’ll be notified right away, because you’ll receive an SMS message and also an email (Figure 5 shows an example) to your main registered email address.

By the way, I’d recommend having an additional email address registered to your account, say home and business addresses. For example, I use a personal Gmail address, so that I can access my account and notifications using this as a ‘fallback’ option. You can add a new email address by clicking on ‘Change/Add’ beside Primary Email, as shown in Figure 2 above.

Step 2: Check where you’re logged on to LinkedIn

Now that you’ve set up your phone number with LinkedIn, it’s worth checking which devices are actually logged in to sessions for your LinkedIn account and, if necessary, signing out from any active ones that might present a security risk.

For example, your work computer may still be logged in to LinkedIn, or a tablet that other people have access to – and so you can sign out those devices from this screen.

Shortcut to this: https://www.linkedin.com/settings/sessions

Figure 4: Check the devices that are currently logged in to LinkedIn

You can see that I’m logged in to 3 sessions here – my Laptop, my iPhone and my iPad. All are working from the same IP address and from the same location using my home wifi, so there is nothing scary there. However, I should probably sign out of my iPad because someone else is currently using it, and I neglected to sign out.

In the same way, you can see if a device you do not recognise is logged in, and sign that device out immediately. The fact that you can see the location helps you spot anything unusual. If you spot a device logged in from a country you’ve never visited, note the details to send to LinkedIn, and sign it out, fast!

Step 3: Test a login on a new device or a new IP address

This is a useful step to make sure your new security settings are operational. Try logging on from a new device, or in a new location. You’ll be prompted to enter a security code as soon as you do this – and this code, of course, will come only to the phone you registered with LinkedIn.

Enter the security code, and your new device will then be registered as an authorised device. This works in the same way if you’re using a new IP address in a new location.

Step 4: Check your email

At the same time as you carry out Step 3, you’ll also receive an email from LinkedIn Security to let you know that access has been attempted from a new device or new IP address / location. An example of this email is shown below.

Figure 5: Verification email from LinkedIn Security. If it’s suspicious, you can change your password from here

As you can see, you can immediately spot anything suspicious when you get this email, and anyone trying to get unauthorized access cannot do so without entering the security code that is ONLY sent to your number. So unless they’ve got your phone, you’re safe from attack.

If something like this does happen, it’s worth changing your LinkedIn password (the home/mobile email address is useful in this respect) and contacting LinkedIn to inform them. It also goes without saying that your LinkedIn password should be quite different from your email password.

Conclusion

So as you can see, the simple procedure of linking your mobile number to your LinkedIn account means the chances of unauthorized access to your LinkedIn account are drastically reduced.

If you have not carried out this simple procedure, please do it now.