Using Professional Networks Securely

Social networks, whether they are for private or professional matters, make it easier for attackers to gain access to your personal data. The wealth of information available there allows attackers to manipulate their victims with personalized scenarios and pressure them into taking harmful actions. This threat affects not only individuals but also entire organizations.

Protecting your access

  • Sign-in name and e-mail address

    E-mail address

    • Use a private e-mail address to sign in if it is not a business account. The university e-mail address serves a professional purpose and is for fulfilling your work duties.
    • Do not use only one e-mail address for all purposes.
      • E-mail account for your job and continuing education: e.g. job networks, applications, seminars, etc.
      • E-mail account for living expenses: e.g. electricity provider, telephone company, bank, etc.
      • E-mail account for private matters: e.g. streaming platforms, online shopping, etc.
    • Use an abstract sign-in name
      • JohnSample82 implies your name and birthday. An abstract sign-in name such as dlk_peah would be better.
  • Two-factor authentication

    Use another factor for authentication. Xing and LinkedIn offer a two-step sign-in process where you use your password and then receive a text message or authenticate your profile via app as a second factor.

    Using separate devices for the two factors would be even safer: e.g. you sign in via your laptop with your password and use an app on your mobile phone to authenticate.


    • You can authenticate your login via app or text message. => settings => account security => two-step verification
    • If you do not want to be found via your phone number, check your settings under visibility / visibility of your profile and network / profile discovery using phone number


    You can authenticate your profile via app or text message. => settings / member account / two-factor authentication

    Your phone number does not appear on your profile. If you want your phone number to appear on your profile, you can add it via your profile (edit business card / edit contact details).

    To avoid losing access to your profile if you lose the second authentication factor, you can generate a backup code early on and store it safely.

Protect your data

  • Your options on Xing

    On Xing, you have the following options to protect your privacy:

    • Do you want others to find and view your profile (name and profile picture) on the Internet?
    • Do you want others to find your comments and posts outside of Xing?
    • Who may view your portfolio (CV, skills, etc.)?
    • Who may view your list of contacts?
    • Which activities do you want other members to see on your profile?
    • Who may view your contact information? And who can contact you?
  • Your options on LinkedIn

    On LinkedIn, you have the following options to set the visibility of your profile and network:

    • Who can see and download your e-mail address?
    • Who can see your surname? (e.g. in full or abbreviated)
    • Is it visible outside of LinkedIn? (e.g. via a search engine query)
    • Can others find your profile based on your e-mail address?
    • Can others find your profile based on your phone number?
    • How is your data used => data privacy

What can I do in the event of identity theft?

  • React quickly!
  • Make a list of the accounts that are affected: Do you use the same e-mail address to sign into multiple accounts? Even the same password? Do you have the option to reset your password yourself?
  • Change your access data. Start with the accounts that you need in order to reset passwords (e.g. your e-mail account) and leave resetting the password of the compromised account for last.
  • Contact the platform if you need further help. Inform the people in your personal environment as well.
  • Collect proof (chats, change history of account settings, IP addresses used to access the account) to report the identity theft.
  • Check all settings of your account and adjust them if necessary. Attackers could have changed your contacts or made copies of your e-mails. Check this as soon as you have regained control over your account.
  • Monitor your account. Continue to watch out for unusual activity on your account or your devices.