
Controls:

1.) Avoid accessing fake websites. Do not fall prey to statements like the one below:
"Due to the congestion in the LinkedIn system, LinkedIn will shut down all
unused accounts. Please confirm your email address and login information at the
link provided below."
Before filling in details at a link provided by an attacker, check the IP address of the
website by going to View --> Page source. If the link is from the authentic
LinkedIn system, the IP address would be 216.52.242.86; the IP address of the
website can be verified by checking it at www.ip2location.com.
Please find below the screenshot taken confirming the authentic IP address of the
LinkedIn website.

2.) Avoid accessing links that come in spoofed messages (messages from a person you
do not know) on LinkedIn, as accessing such a link could expose you to a phishing attack by
a hacker.
If you open that link, malware may be downloaded to your system; even if you close the
malicious website right away, you still cannot stop the malware from being downloaded. This
is known as a drive-by download. Without your permission, malicious code such as Zeus (a
well-known keylogger) and a Trojan can be downloaded to your system. A keylogger like Zeus
records all keystrokes and stores them in a keylogger.log file, which the Trojan sends to an
unauthorized user or hacker on a periodic basis whenever you connect to the internet.
Please refer to the diagram below for the phishing attack:

3.) Avoid falling prey to tiny URLs (uniform resource locators). Usually the URL for
LinkedIn messages and profiles is quite long (80+ characters), so people sometimes
convert these long URLs to shorter URLs (at most 25 characters) using
websites like www.tinyURL.com. Such a tiny URL does not show the proper website
name, so a user who clicks it can become prone to a drive-by
download phishing attack. It is therefore better to convert the tiny URL back to the full URL
using a website like www.longurl.org before accessing it.

Please find below screenshots of a LinkedIn URL being converted to a tiny URL and then
back to the full URL:

4.) Avoid downloading attachments in LinkedIn messages unless they come from
people you know, or you can see that it is a .doc file such as a resume. Sometimes
attachments or images come attached to LinkedIn messages which, when downloaded and
unzipped, contain only an empty directory. Such attachments are often used by hackers to put
malicious code on the user's system through a technique known as steganography. Steganography is the art
of hiding digital information (here, mainly malicious code) in messages or images. Tools like
OpenPuff can be used by hackers to hide malicious code or malware inside attachments such as
empty zipped files and images.
Please find below an image of the OpenPuff tool:

5.) Bad passwords: Avoid using common passphrases in passwords. Avoid
passphrases containing foul language like F**K; keywords related to the site such as work, link,
career, etc.; keywords like angel and gods; and number sequences like '1234', '12345',
etc.
Please find below an image showing the top passphrases in the passwords of LinkedIn
users:

6.) To mitigate XSS (cross-site scripting) attacks, LinkedIn should use an OTP (one-time password) as an
additional level of authentication when a user accesses the website or application (LinkedIn
app) from a different device.

7.) Input coming into the LinkedIn website should be validated by XSS filters against business
rules and a defined set of rules for syntax, length and type.
8.) Output to the browser should be HTML encoded.
9.) Use strongly typed parameterized query APIs with placeholder substitution markers, even
when calling stored procedures.
10.) Remove all stored procedures that are not in use.
11.) Avoid generic names like "sa" for system administrator accounts.
12.) No public tours or site visits to the LinkedIn data center, along with restricted employee access.
13.) Two-level authentication, such as badging and biometric identification, for entering the data
center.
14.) Proper physical and perimeter security, such as perimeter fencing, restricting barriers, and 24x7
deployment of security personnel.
15.) Proper disposal of storage media such as hard drives by passing them to crushers and drive
shredders (hard drive life cycle management).
16.) Proper backing up of data and shifting of load to a secondary site in case of any disaster, for
business continuity management.
17.) Video monitoring and analytics for the security of the data center.
18.) Maintaining a relationship with local law enforcement.
19.) Multiple redundant connections of high-speed fiber optic cable.
20.) An optimum number of DG (diesel generator) sets for continuous power supply.
21.) Fire detection and suppression.
22.) File fragmentation, replication and storage for user data protection.
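As an added example (not part of the original document), the Python snippet below applies controls 7 to 9 to a hypothetical profile "headline" field: it validates input against defined type, length and syntax rules, HTML-encodes the value before it reaches the browser, and stores and reads it with placeholder-substituted parameterized queries. It uses an in-memory SQLite table as a stand-in for the profile store; the same placeholder approach applies when calling stored procedures on a database that has them. The field name, rules and sample values are constructed assumptions.

```python
import html
import re
import sqlite3

# Constructed rules for the hypothetical "headline" field (control 7): the value
# must be a str of 1..120 printable characters. Markup characters are allowed in
# the data and are neutralised at output time instead (control 8), so nothing is mangled.
HEADLINE_MAX_LEN = 120
PRINTABLE_RE = re.compile(r"^[^\x00-\x1f\x7f]+$")

def validate_headline(value):
    """Return True only if the value satisfies the type, length and syntax rules."""
    if not isinstance(value, str):
        return False
    if not 1 <= len(value) <= HEADLINE_MAX_LEN:
        return False
    return PRINTABLE_RE.fullmatch(value) is not None

def render_headline(value):
    """HTML-encode before writing to the browser so any markup in the data stays inert."""
    return html.escape(value, quote=True)

def open_profile_db():
    """In-memory SQLite stand-in for the profile store (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE profiles (member_id INTEGER PRIMARY KEY, headline TEXT)")
    return conn

def save_headline(conn, member_id, headline):
    """Placeholder markers (?) keep the data out of the SQL text (control 9)."""
    if not validate_headline(headline):
        raise ValueError("headline rejected by validation rules")
    conn.execute("INSERT OR REPLACE INTO profiles VALUES (?, ?)", (member_id, headline))
    conn.commit()

def load_rendered_headline(conn, member_id):
    """Read back with a parameterized query and encode the result for the browser."""
    row = conn.execute("SELECT headline FROM profiles WHERE member_id = ?", (member_id,)).fetchone()
    return None if row is None else render_headline(row[0])

def demo():
    """Constructed round trip: a headline containing a quote, an ampersand and angle brackets."""
    conn = open_profile_db()
    save_headline(conn, 42, "Engineer at O'Brien & Sons <Hiring>")
    return load_rendered_headline(conn, 42)
```

The stored value stays exactly as the user typed it; only the copy sent to the browser is encoded, and the apostrophe never touches the SQL text because it travels as a bound parameter.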
