Monday, 13 January 2014

Hacking with LinkedIn. The next battlefield in Cyber-warfare

Social engineering by definition is “a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures.” Social engineers, often referred to as con artists, have been around for hundreds of years, and their methods have evolved alongside the world’s technological developments.

Social engineering expert Sharon Conheady delivered a presentation entitled “Future of Social Engineering” at DeepSec 2010. In her presentation, she outlined how social networks such as LinkedIn may be used for social engineering in the future. Well, the time has come: more and more scams are surfacing on LinkedIn. Here’s the latest one:

How to spot the signs

As you can see, the message follows the pattern of the well-known 419 scams, also known as advance-fee frauds. However, it has one important characteristic that most scam emails don’t: a well-designed LinkedIn profile to give credibility to the message.
The sender claims to have been Senior Accountant at Lloyds Banking Group for over 9 years now; however, her profile states over 15 years spent in the role. Perhaps the body of the message would need an update?

There are also formatting errors, such as the spelling of “AleX Jones”, which clearly suggest that the message is unlikely to have come from a legitimate source. And of course we shouldn’t overlook what the message actually says either. Which bank would give away any money to someone who shares the same surname as a client? None.

If you'd like to know more about social engineering, watch Sharon Conheady's full presentation, which includes stories of LinkedIn attacks starting at 25:16.

Please be alert and look out for scams like this. If you found this article useful, share it so that your friends and family won’t have the slightest chance of falling victim to it.