It’s not enough that we have to be careful and watch out for bad emails trying to lure us into clicking links that can steal our information. Now it seems we need to step it up and look out for the social networking profiles too. There are bad actors taking the time to actually create social profiles that look convincingly real. These profiles have been found on LinkedIn, Facebook and others. I have personally seen these come through my Facebook and LinkedIn profile. What tipped me off was the fact I thought I had already been “friends” or accepted connections to a person, when I saw another request come through. Turns out it was not that person, but someone trying to make me think it so.What can you do?
- Know who your friends are. On social networks consider only accepting friend requests to people you actually know or have met. In my opinion, a social network is not about how many friends you have, it’s more about who do you actually know and want to associate with.
- On business networks like LinkedIn, consider the same guidelines. If you don’t know someone don’t assume it’s ok to connect. Even when the connection comes through from a first level connection. On LinkedIn you can see if it is 2nd or 3rd levels who see your profile from a 1st level connection. Don’t be afraid to ask your 1st level who that person is. Corporate espionage type scenarios have been documented through situations like this.
In the end, be cautious when using social media. Scrutiny is the name of the game in the online world. And if it doesn’t look right or feel right, there’s a good chance it is not. Listen to your gut.
Reference Article: Social Engineering Attackers Deploy Fake Social Media Profiles retrieved from SecurityIntelligence.com on November 9, 2015.
This is a Security Bloggers Network syndicated blog post authored by Jeff Evenson. Read the original post at: Security Friction