
Uploaded by: devashish-nigam

Posted on 19-Dec-2015


DESCRIPTION

Information Security risk mitigation

TRANSCRIPT

Page 1: Risk Mitigation From User

Controls:

1.) Avoid accessing fake websites. Do not fall prey to statements like the one below:

"Due to the congestion in the LinkedIn system, LinkedIn will shutdown all the unused account. Please confirm your email address and login information at the below provided link."

Before filling in details at a link provided by an attacker, check the IP address of the website by going to View --> Page source. If the link is from the authentic LinkedIn system, the IP address will be 216.52.242.86; the IP address of a website can be verified at www.ip2location.com.

Please find below the screenshot confirming the authentic IP address of the LinkedIn website.

2.) Avoid accessing links in spoofed messages (messages from people you do not know) on LinkedIn, as accessing such a link could expose you to a phishing attack by a hacker.

If you open that link, malware may be downloaded to your system; even if you close the malicious website immediately, you cannot stop the malware from downloading. This is known as a drive-by download. Without your permission, malicious code such as Zeus (a well-known keylogger) and Trojans can be downloaded to your system. A keylogger like Zeus records all keystrokes and stores them in a keylogger.log file, which a Trojan sends to an unauthorized user or hacker on a periodic basis, whenever you connect to the internet.

Please refer to the diagram below for the phishing attack:

3.) Avoid falling prey to tiny URLs (uniform resource locators). The URLs for LinkedIn messages and profiles are usually quite long (80+ characters), so people sometimes convert these long URLs to shorter ones (at most 25 characters) using websites like www.tinyURL.com. Such a tiny URL does not show the real website name, so a user who clicks it can be exposed to a drive-by download phishing attack. It is better to convert the tiny URL back to the full URL using a website like www.longurl.org before accessing it.

Please find below screenshots of a LinkedIn URL being converted to a tiny URL and then back to the full URL:
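Controls 1 and 3 both come down to one question: does the host you will actually land on belong to the site you think it does? The script below is an added example, not part of the original deck: it resolves a shortened link through a constructed redirect table (standing in for the Location headers a HEAD request would return, so it runs offline) and then checks the final host against an allowlist on domain-label boundaries. The domain list and the sample redirects are assumptions made up for the example.

```python
from urllib.parse import urlsplit

# Domains the user actually intends to reach (constructed allowlist for this example)
TRUSTED_DOMAINS = {"linkedin.com"}

def host_of(url):
    """Lower-cased hostname of a URL, or None if it has none.
    urlsplit drops userinfo, so 'http://linkedin.com@evil.example/' yields 'evil.example'."""
    host = urlsplit(url).hostname
    return host.lower() if host else None

def is_trusted(url):
    """True only for http(s) URLs whose host is a trusted domain or a real subdomain of it.
    Matching on label boundaries keeps 'linkedin.com.evil.example' from passing."""
    parts = urlsplit(url)
    host = host_of(url)
    if parts.scheme not in ("http", "https") or host is None:
        return False
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def expand(url, redirects, max_hops=5):
    """Resolve a shortened URL to its final target without opening it in a browser.
    `redirects` maps a URL to the Location it answers with; here it is a constructed table
    standing in for HEAD requests so the example runs offline. Returns (final_url, hops)."""
    hops = []
    while url in redirects:
        if url in hops or len(hops) >= max_hops:
            raise ValueError("redirect loop or too many hops: %r" % url)
        hops.append(url)
        url = redirects[url]
    return url, hops

# Constructed sample: one short link leads to a look-alike login page, one to the real site
REDIRECTS = {
    "http://tinyurl.com/abc123": "http://linkedin-login.example/confirm",
    "http://tinyurl.com/profile9": "https://www.linkedin.com/in/some-profile",
}

def check(short_url, redirects=REDIRECTS):
    """Expand a short URL and report where it really goes and whether that host is trusted."""
    final, hops = expand(short_url, redirects)
    return {"final": final, "hops": len(hops), "trusted": is_trusted(final)}

if __name__ == "__main__":
    for link in REDIRECTS:
        print(link, "->", check(link))
```

A real deployment would replace the table with a HEAD request that does not follow redirects and read the Location header itself, one hop at a time.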


4.) Avoid downloading attachments in LinkedIn messages unless they come from people you know, or you can see that it is a .doc file such as a resume. Sometimes attachments or images attached to LinkedIn messages, when downloaded and unzipped, contain only an empty directory. Such attachments are often used by hackers to place malicious code on the user's system through a technique known as steganography. Steganography is the art of hiding digital information (here, mainly malicious code) inside messages or images. Tools like OpenPuff can be used by hackers to hide malicious code or malware inside attachments such as empty zipped files and images.

Please find below an image of the OpenPuff tool:

5.) Bad passwords: avoid common passphrases in passwords. Avoid passphrases containing foul language like F**K; keywords related to the site such as work, link and career; words like angel and gods; and number sequences like '1234', '12345', etc.

Please find below an image showcasing the top passphrases found in the passwords of LinkedIn users:
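The patterns listed under control 5 can be enforced at password-change time rather than left to the user's memory. The checker below is an added example, not part of the original deck: it flags the site-related words and names the deck lists (after undoing common digit-for-letter substitutions), ascending or descending digit runs such as '1234' or '4321', and a minimum length; the exact blocklist, the 12-character minimum and the substitution map are assumptions for the example.

```python
import re

# Terms the deck lists as poor passphrase material, plus "password" (constructed blocklist;
# a real deployment would load a breach-derived list instead)
BLOCKED_TERMS = {"password", "work", "link", "career", "angel", "gods"}

# Undo the usual substitutions so "c@reer" or "g0ds" still hit the blocklist (assumed map)
LEET = str.maketrans("014@$", "olaas")

def has_digit_sequence(pw, min_len=4):
    """True if pw contains min_len consecutive digits stepping by exactly +1 or -1.
    Repeats like '1111' are not sequences and are left to other rules."""
    for run in re.findall(r"\d+", pw):
        for i in range(len(run) - min_len + 1):
            chunk = run[i:i + min_len]
            steps = {int(b) - int(a) for a, b in zip(chunk, chunk[1:])}
            if steps == {1} or steps == {-1}:
                return True
    return False

def weak_password_reasons(pw, min_length=12):
    """Return the list of weaknesses found in pw; an empty list means none were found."""
    reasons = []
    normalized = pw.lower().translate(LEET)
    for term in sorted(BLOCKED_TERMS):
        if term in normalized:
            reasons.append("contains blocked term '%s'" % term)
    if has_digit_sequence(pw):
        reasons.append("contains a number sequence")
    if len(pw) < min_length:
        reasons.append("shorter than %d characters" % min_length)
    return reasons

if __name__ == "__main__":
    for candidate in ("Angel12345", "C@reer2015!", "correct horse battery staple"):
        print(candidate, "->", weak_password_reasons(candidate) or "no issues found")
```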


6.) To mitigate XSS (cross-site scripting) attacks, LinkedIn should use an OTP (one-time password) as an additional level of authentication when a user accesses the website or application (LinkedIn app) from a different device.


7.) Input coming into the LinkedIn website should be validated by XSS filters against business rules and a defined set of rules for syntax, length and type.

8.) Output to the browser should be HTML encoded.

9.) Use strongly typed parameterized query APIs with placeholder substitution markers, even when calling stored procedures.
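Controls 7, 8 and 9 are easiest to see side by side. The snippet below is an added example, not code from the deck or from LinkedIn: a constructed display-name rule for input validation, a raw and an HTML-encoded rendering of the same value, and a string-built query beside its parameterized form over an in-memory SQLite table with constructed rows. Note that a valid name such as O'Brien passes validation and still breaks the string-built query, which is why the parameterized form is the control and validation alone is not.

```python
import html
import re
import sqlite3

# Constructed validation rule (control 7): a display name is letters, spaces and a few
# punctuation marks, 1 to 50 characters. Anything else is rejected before it reaches the app.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z .'-]{0,49}")

def validate_name(value):
    return isinstance(value, str) and NAME_RE.fullmatch(value) is not None

def render_greeting_vulnerable(name):
    # Raw concatenation: markup inside `name` is handed to the browser as markup.
    return "<p>Hello " + name + "</p>"

def render_greeting(name):
    # Control 8: HTML-encode output so the browser renders `name` as text, never as tags.
    return "<p>Hello " + html.escape(name, quote=True) + "</p>"

def find_profile_vulnerable(conn, name):
    # String-built SQL: a quote inside `name` changes the statement itself.
    return conn.execute("SELECT id FROM profiles WHERE name = '" + name + "'").fetchall()

def find_profile(conn, name):
    # Control 9: placeholder substitution; the driver passes `name` as data, never as SQL.
    return conn.execute("SELECT id FROM profiles WHERE name = ?", (name,)).fetchall()

def demo_db():
    """In-memory table with two constructed rows so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE profiles (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO profiles (name) VALUES (?)", [("Alice",), ("O'Brien",)])
    return conn

if __name__ == "__main__":
    db = demo_db()
    print(render_greeting("<b>O'Brien</b>"))
    print(find_profile(db, "O'Brien"))
```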

10.) Remove all stored procedures not in use.

11.) Avoid generic names like "sa" for system administrator accounts.

12.) No public tours or site visits to the LinkedIn data center, along with restricted employee access.

13.) Two-level authentication, such as badging and biometric identification, for entering the data center.

14.) Proper physical and perimeter security, such as perimeter fencing, restricting barriers and 24x7 deployment of security personnel.

15.) Proper disposal of storage media such as hard drives by passing them to crushers and drive shredders (hard drive life-cycle management).

16.) Proper backing up of data and shifting of load to a secondary site in case of disaster, for business continuity management.

17.) Video monitoring and analytics for the security of the data center.

18.) Maintaining a relationship with local law enforcement.

19.) Multiple redundant connections over high-speed fiber optic cables.

20.) An optimum number of DG (diesel generator) sets for continuous power supply.

21.) Fire detection and suppression.

22.) File fragmentation, replication and storage for user data protection.