Your LinkedIn connections might be hacking you
Accepting a connection from somebody you do not know on LinkedIn may help hackers steal your company data.
This is according to research from Intel Security, which has revealed that Brits will let people they do not know see their details, potentially leaving them open to risk from hackers who harvest the information for attacks.
Around a quarter of respondents to Intel’s survey said they accept “I’d like to connect with you on LinkedIn” requests from peopple they do not know.
“When a person in a similar industry to us, or a recruiter, requests to connect on LinkedIn, it may look harmless, but hackers prey on this as a means to target senior level professionals and ultimately the corporate network,” said Raj Samani, CTO of EMEA at Intel Security.
“Social networking sites are a treasure trove of data used by malicious actors in order to research potential targets for attacks, not only requesting to connect with senior executives but as many junior or mid-level employees at a company as possible,” said Samani.
“They then target senior level execs, using their existing connections with colleagues as proof of credibility by leveraging the principle of social validation,” he added. “Once these connections are in place they can launch a targeted phishing campaign.”
The FBI has warned that such attacks are on the increase, saying criminals send fake invoices, request wire transfers and so on using accurate looking but false emails. But Intel’s research revealed two-thirds of the 2,000 Brits surveyed had never wondered if a would-be social media contact was really who they claimed to be.
And companies aren’t helping. Most respondents to the survey said their employer hadn’t “made them aware” of any corporate policies around social media.
Companies should not assume that younger staff are automatically more web savvy than their older counterparts, with the research suggesting that younger people were less likely to doubt the honesty of a would-be contact than those in older age groups.
“Businesses must educate all members of staff on how to avoid common scams, including making them aware of the risks of opening unknown attachments in messages or clicking on unknown links,” said Samani.
The warning follows a hacker leaking a huge tranche of LinkedIn credentials – and Microsoft acquiring the professional social network for $26 billion.
Source | ITPro
