Confidential Information to Exclude From LinkedIn Profile

Your LinkedIn profile might be helping threat actors map a path to your front door. I know that sounds dramatic, but here's what's actually happening: LinkedIn's location data, the kind that shows your city, neighborhood, or even specific area, is quietly becoming one of the most valuable pieces of information for attackers. They're taking that data, cross-referencing it with data brokers and dark web sources, and building detailed profiles of executives and their families. If you're a business leader or security executive, here are three things you need to do right now: 1. Remove location from your LinkedIn profile Go to your settings today and scrub any location details that go beyond what's professionally necessary. (Link to location in the comments) 2. Continuously monitor and scrub footprint Traditional security measures matter, but they don't address the root problem: your exposed personal information is already out there, being collected and sold. Continuous monitoring and removal of this data is the only way to stay ahead of threats that evolve daily. 3. Protect your family's digital footprint, not just your own Your data footprint is co-mingled with family members’ data. You can lead publicly while staying protected privately, but it requires being intentional about what information you make available and where.

Reducing Phishing Attempts Against My Company After six months of effort, I wanted to share my journey in erasing myself from various websites holding my contact information. Many of these sites exist to aid sales teams…fair enough, they’re doing their hustle…but it also opens the door to spammers and phishing attacks. All one has to do is search their name and current or past one or two company names! Here’s what I’ve found and also will share the impact of my efforts: 1. Source of the Issue: Almost all phishing attempts seem to trace back to LinkedIn, possibly through the misuse of recruiter or sales accounts. 2. Anonymize Your Profile: Removing your last name (using just the initial) and modifying your LinkedIn URL can limit exposure. 3. Limit Company Info: I took down recent and current company information entirely. No current company listed…one less phishing target that way and that worked well. 4. Direct Request Works: Nearly every aggregate site I contacted removed my info after I cited stress and security risks to my employer. If you’re polite but firm about the cyber risk, most respond quickly. Best to contact them, some automated link removals are bogus. 5. Minimize Public Data: Besides hiding my last name from non-connections, I took down references and certifications. Even PDFs can be scraped, exposing full names. 6. Reconsider Removal Services: Some offer to erase your data, but it’s a rinse and repeat cycle as sites rescrape LinkedIn. My approach was to strip as much public info as possible but leave behind a challenge for them if they try again with my stripped down public profile…so far, it hasn’t resurfaced. I also see zero phishing attempts in our mail system and also a 99% reduction in spam. It is really nice! Hope this helps someone. If you want to know more about my findings, let me know. I might do a whitepaper on this one day, but for now, I trust everyone here can see the benefits of trimming down public details to reduce phishing and spam at work coming from LinkedIn. It’s not perfect, but reducing the problem is better than doing nothing. There are tons of things to do but I am running out of space in this post. 🤣 Mahalo PS: I get it, some need their information out there for job searching or business sales reasons. This is for those who are tired of the same thing and want to stop the madness for our current work and personal reasons. #spam #phishing #aggregatesites

My Dear #LinkedIn Connections! A lot of you have left sensitive personal data right on your profile with public visibility. Anyone can view this info on your profile. This includes IM usernames, precise addresses, personal email addresses, birthdates and sometimes even personal phone numbers (not work phones), with all these info publicly visible. I could see a lot of you doing this, in my connections. 𝗔𝗻𝘆 𝗶𝗻𝗳𝗼 𝘆𝗼𝘂 𝗵𝗮𝘃𝗲 𝗽𝗿𝗼𝘃𝗶𝗱𝗲𝗱 𝘁𝗼 𝗟𝗶𝗻𝗸𝗲𝗱𝗜𝗻 𝗼𝗻 𝘆𝗼𝘂𝗿 𝗽𝗿𝗼𝗳𝗶𝗹𝗲 𝗶𝘀 𝘃𝗶𝘀𝗶𝗯𝗹𝗲 𝘁𝗼 𝗲𝘃𝗲𝗿𝘆𝗼𝗻𝗲 𝗯𝘆 𝗱𝗲𝗳𝗮𝘂𝗹𝘁, go to your 𝗽𝗿𝗼𝗳𝗶𝗹𝗲 𝘀𝗲𝘁𝘁𝗶𝗻𝗴𝘀 to immediate change it to limit unauthorized visibility to your personal info. I initially didn't believed that most of you would do it, but almost 70% of my connections have sensitive PII info made available to anyone who can see your profile. Go ahead, check your profile and limit the info, unless you want to intentionally make certain info publicly available (such as work emails/work contact numbers). Even experienced CISOs and tech leaders working in Identity Management have their precise address, phone and personal email, DOB visible on their profile. I reached out to a few of you, but ultimately there's way too many. There's a little lock icon next to each section which shows who can view this info that can be changed. This information can be viewed from someone's profile by clicking the "Contact info" button. Of course, there's few who intentionally make this available for potential recruiters to make it easier to reach out to you, but the vast majority's info seems pretty unintentional to me.