Social Engineering on Facebook

Facebook is not only the most popular social network, it’s also a hotbed for social engineering cyber attacks. In a social engineering attack, people are deceived in order to exploit a target. Phishing attacks, Trojan malware, and online scams all qualify as social engineering attacks.

You can harden yourself and your organization against social engineering attacks with education and by encouraging a healthy sense of skepticism. If something sounds too good to be true, it probably is.

Here are some social engineering attacks to look out for on Facebook.

Acquiring Friend Access to Facebook Accounts through Fake Profiles

Aaron Dahl is a private investigator with the Trust Investigative Group. He has used Facebook social engineering, and he wrote about his experiences and knowledge. Here are some of the ways he’s successfully acquired friend access to his targets’ Facebook accounts.

First, he’d come up with a fake Facebook profile with a name that’s not too generic (“John Smith” raises suspicions) and not too unusual (names like “Maximus Jakoniella” are too easy to remember). He’s found that names like “Cody Williamson” or “Jennifer Earl” work perfectly. My name, Kim Crawley, would probably work pretty well, too.

Next, he’d make sure that his fake profile is “mutual friends” with his target. That increases his target’s trust in the fake profile. It’s a lot easier than it sounds. He’d send friend requests to dozens of his target’s friends, and inevitably at least a few would accept. A lot of people on Facebook will accept friend requests as a reflex, assuming that the person is an old acquaintance from middle school or grade school or someone they met through friends in the past.

Assuming that your fake profile name isn’t too unusual, you can Google the name and inevitably find photos of (Read more...)

This is a Security Bloggers Network syndicated blog post authored by Kim Crawley. Read the original post at: Cylance Blog