Microsoft announced on its blog the launch of a new verification method for LinkedIn.
“We’re thrilled to announce that millions of LinkedIn members will be able to verify their place of work with a Microsoft Entra Verified ID credential. By simply looking for a Verification, members and organizations can be more confident that the people they collaborate with are authentic and that work affiliations on their profiles are accurate.”
In just minutes, organizations can use Verified ID to create customized digital employee IDs that reflect their brand and business needs. On LinkedIn, members will see an option to verify their workplace on their profile. With a few taps on their phone, members can get their digital employee ID from their organization and choose to share it on LinkedIn. After they send the credential, a Workplace verification will be displayed on their profile.
Verified ID is built on open standards for decentralized identity, which operates on a “triangle of trust” model involving three parties: an issuer, a holder, and a verifier. For instance, an organization can act as an issuer by cryptographically signing a digital credential and issuing it to an employee as a digital employee ID. As the credential holder, the employee can decide to share their credential with apps and websites, such as LinkedIn. Then the verifier can cryptographically authenticate that the digital employee ID is genuine and was issued by the place of work the employee claims. This approach represents a more secure, convenient, and trustworthy way to verify digital information at scale.
LinkedIn has long been used as a phishing tool, able to catch people more easily than traditional phishing emails. We’ve seen the platform being misused by several high-profile threat actors in their phishing and cyberespionage campaigns, including the North Korean Lazarus group. The apparent authenticity lent by a photo, some background and a few potential shared connections can very easily be used to manipulate a target. Until now there has not been a digital equivalent of the physical ID, which has unfortunately played into the hands of cyber criminals.
Digital interaction often makes manipulation easier for sophisticated threat actors, so this new verification tool will no doubt reduce the current threat and add user confidence too. As with all new tools to mitigate scams, bad actors will inevitably attempt to circumvent what they can. Verification of identity and employment components alone cannot completely prevent attackers from creating fictional identities and bogus companies to “verify” fake jobs. However, the broad acceptance of job verification on LinkedIn would make it more difficult for malicious actors to impersonate legitimate accounts and construct persuasive fake personas.
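The issuer, holder and verifier roles of the “triangle of trust” described above, as an added example that is not Microsoft's or LinkedIn's code: it uses the Ed25519 signatures built into Node.js, and the credential layout, issuer ids, claim names and trust registry are assumptions made for illustration. It shows that a verifier's answer depends both on the signature and on which issuers it has chosen to register, which is where a bogus company would have to be caught.

```javascript
// Added example: issuer / holder / verifier with Ed25519 from Node's built-in crypto.
// Issuer ids, claim names and the registry layout are constructed for illustration.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');

// Issuer: the employer signs the claims with its private key.
function issueCredential(issuerId, privateKey, claims) {
  const payload = b64u(JSON.stringify({ iss: issuerId, ...claims }));
  return `${payload}.${b64u(sign(null, Buffer.from(payload), privateKey))}`;
}

// Verifier: accept only a registered issuer, a valid signature, and an
// employer claim that matches the organization the issuer is registered for.
function verifyCredential(credential, trustedIssuers) {
  const [payload, signature = ''] = String(credential).split('.');
  try {
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
    const issuer = trustedIssuers.get(claims?.iss);
    if (!issuer) return { ok: false, reason: 'untrusted issuer' };
    const valid = verify(null, Buffer.from(payload), issuer.publicKey,
      Buffer.from(signature, 'base64url'));
    if (!valid) return { ok: false, reason: 'bad signature' };
    if (claims.employer !== issuer.organization)
      return { ok: false, reason: 'issuer not authoritative for employer' };
    return { ok: true, claims };
  } catch {
    return { ok: false, reason: 'malformed' };
  }
}

// Constructed sample data: one registered employer and one unregistered key pair.
const employer = generateKeyPairSync('ed25519');
const unregistered = generateKeyPairSync('ed25519');
const trustedIssuers = new Map([
  ['issuer:examplecorp', { organization: 'ExampleCorp', publicKey: employer.publicKey }],
]);
const claims = { sub: 'alice', employer: 'ExampleCorp' };

const genuine = issueCredential('issuer:examplecorp', employer.privateKey, claims);
// Payload edited after issuance, original signature reused.
const edited = b64u(JSON.stringify({ iss: 'issuer:examplecorp', ...claims, sub: 'bob' }))
  + '.' + genuine.split('.')[1];
// Correct issuer id, but signed with a key the registry does not hold.
const wrongKey = issueCredential('issuer:examplecorp', unregistered.privateKey, claims);
// Issuer id the verifier has never registered.
const unknownIssuer = issueCredential('issuer:newco', unregistered.privateKey, claims);
console.log([genuine, edited, wrongKey, unknownIssuer].map((c) => verifyCredential(c, trustedIssuers)));
```

Only the first credential is accepted; the signature check says nothing about whether a registered issuer is a real employer, so the registry itself is the control that has to be protected.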