This morning I woke up to a LinkedIn security email indicating someone had added an email address to my account, and multiple emails - from many of my 1700+ LinkedIn contacts - indicating they had received a spam message from me via LinkedIn.
So many questions ...
If LinkedIn is smart enough to recognize something is not right with my account - an email account change - aren’t they smart enough to identify an unrelated Yahoo account, from a Windows PC (I'm an iOS-only girl), in the middle of the night (my resident timezone), from a location half-way around the world, as an account takeover?
Once they send an inquiry regarding a new email address added to the account, that was followed by deleting the existing email on the account, can't they prevent a mass message being sent to all my contacts? Or even just terminate messaging until they confirm the account has not been taken over?
Don't they have technology that can identify a phishing email?
Is sending you a photo of my driver's license really proof I am who I say I am?
How much staff is devoted to resolving Account Takeovers? How much money are they spending dealing with frustrated customers?
And why the heck don’t they have Customer Service available via Chat or Phone?
The reality is that we are just going to get more, and more, and more of this - even to the point where you can’t answer your mobile phone for fear it is unsolicited marketing or spam - until we finally decide that password protection is a joke and Two Factor Authenticator is not only incredibly annoying, but not that much better.
When, oh when, will I be able to use truly secure biometrics - not just a device-based biometric layered on top of a password - to secure access to my mobile phone and social media accounts?
The convenience smartphone biometrics offers is great. Can we now get around to the security part?
Hi Maxine
Your questions are spot on!!!!
I have been evangelising Voice Biometrics as a second factor security token for decades.
The minimum level of security for any secure enquiry should be a biometric token that is not able to be spoofed!!
A random word or digit challenge where only the correct voice saying the random challenge is sufficient authority to make an account change or other 'risk' transaction.
Check out www.aurayasystems.com
Great questions Max! I haven't had my account taken over, but I have had other issues with LinkedIn, and getting any customer service is extremely frustrating.