LinkedIn connections pose security risk
Intel Security is urging organisations to educate employees about the dangers of over-sharing on LinkedIn as a quarter of UK employees have connected to someone they don’t know.
Intel Security is urging organisations, including charities, to educate employees about the dangers of over-sharing on LinkedIn after new stats claimed nearly a quarter of UK employees have connected to someone they don’t know on the social site.
The security firm polled 2,000 18 to 54-year-olds and found that over one in five had allowed a stranger to access their details by accepting a connection request.
In addition, and perhaps more concerning, over two-thirds (68.7%) admitted they had never wondered whether someone is not who they say they are on the business networking site, a figure which rose to 71.5% in the 18-24-year-old age category.
Intel says hackers are increasingly looking to sites like LinkedIn to harvest information on employees and their roles within a company, which they can then use to craft spear phishing attacks, often the first stage in a targeted attack. The security firm adds that these attacks could lead on to whaling attacks, where scammers typically email a member of the finance team, pretending to be a CEO or CFO and requesting the transfer of funds outside the organisation to an account in another country.
Often the cyber-criminal will pretend to be a recruiter or someone else in the same or similar industry, which can be enough to trick victims into accepting the connection request, explained Intel Security EMEA CTO, Raj Samani.
“Social networking sites are a treasure trove of data used by malicious actors in order to research potential targets for attacks, not only requesting to connect with senior executives but as many junior or mid-level employees at a company as possible,” he added.
“They then target senior level execs, using their existing connections with colleagues as proof of credibility by leveraging the principle of social validation. Once these connections are in place they can launch a targeted phishing campaign.”
Samani urged organisations to include LinkedIn security and privacy tips in employee awareness and training programs in a bid to counter the threat.