Hackers love LinkedIn because it links them in—straight through the portal of the targeted company. Geez, how much easier could this be, what with all the publically-exposed e-mail addresses of key players (and also worker bees) in big companies that someone wants to hack.
An article on blog.sungardas.com was written by a white-hatter (his job is to try to hack his clients’ systems so that they know how to make them more impenetrable to the bad guys). The author says he’d make a beeline to LinkedIn if he became a black-hatter.
In addition to all of those revealed e-mail addresses, the hacker could also learn (without hacking, of course) what a business’s e-mail structure is. He can then compile a list of employees for his social engineering attacks. (Can you just see him watering at the mouth over this—like putting a sizzling steak in front of a dog.)
A phishing campaign could trick the targets into giving up crucial information—essentially handing the company key to the hacker. The crook, however, knows better than to pull this stunt on IT employees. But fertile territory includes employees in the marketing, accounting and customer service departments.
Maybe you’ve read that every professional these days absolutely should have a LinkedIn account. You can bet that every hacker agrees!
Companies need to come up with a way to prevent hackers from sneaking into their network via that bastion of essentiality known as LinkedIn.
The penetration-tester, in his article recommends that businesses do the following:
Social engineering training. Workers must be aggressively trained in how to sniff out a phishy-smelling e-mail. No corners should be cut with this training program, which should include ongoing staged attacks.
A statement clarifying communication about security information. To help prevent employees from giving out sensitive information to the wrong people, the company must figure out how communication will be conducted, then get it down on paper. For example, “E-mails from our company will never ask you to reveal your username and password.”
Definitive reporting process for suspicious activity. Employees need to have, on paper again, specific instructions in how to report suspicious activity, such as a questionable e-mail. These instructions should be simple and to the point.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- Phishing works and here’s why
A phishing e-mail is sent by a cyberthief to trick its recipient into revealing sensitive information so that the crook could steal money from the recipient or gain access to a business’s classified information. One way to lure an employee is for the crook to make the e-mail appear like it was sent by the
- Why You should file your Tax Return Yesterday
Someone else might file your taxes if you don’t get to it. And they won’t be doing it as a favor; they’ll be doing it to steal your identity. Here’s how it works: Cyber thieves send fraudulent e-mails to a business’s employees. The e-mails are designed to look like they came from the big wigs at the company. As
- Phishing attacks Two-Factor Authentication
Hackers bank heavily on tricking people into doing things that they shouldn’t: social engineering. A favorite social engineering ploy is the phishing e-mail. How a hacker circumvents two-factor authentication: First collects enough information on the victim to pull off the scam, such as obtaining information from their LinkedIn profile. Or sends a preliminary phishing e-mail tricking the recipient
- Sales Staff Targeted by Cyber Criminals
Companies that cut corners by giving cybersecurity training only to their technical staff and the “big wigs” are throwing out the welcome mat to hackers. Cyber criminals know that the ripe fruit to pick is a company’s sales staff. Often, the sales personnel are clueless about the No. 1 way that hackers “get in”: the
- Inside the Business E-mail Compromise Scam
Trick e-mail = fraudulent wire transfer = hundreds of thousands to millions of dollars stolen. That’s what’s happening with business executives in select industries (e.g., chemical operations, manufacturing), says a report at threatpost.com, citing a finding from Dell SecureWorks. The phishing e-mails are part of those Nigerian scams you’ve heard so much about, a business e-mail compromise