According to a survey more than one in five employees admit they connect with strangers on LinkedIn.
The practice potentially opens up a wealth of information for any cyber attackers collecting personal information to launch a highly effective spear phishing attack.
CTO for Europe at Intel Security, Raj Samani, said: “When a person in a similar industry to us, or a recruiter, requests to connect on LinkedIn, it may look harmless, but hackers prey on this as a means to target senior-level professionals and ultimately the corporate network.”
He believes social networking sites are a “treasure trove” of data used by malicious actors to research potential targets for attacks.
He believes a common way of accessing this personal data is by requesting to connect with as many senior executives and mid-level employees as possible.
Samani added: “They then target senior-level execs, using their existing connections with colleagues as proof of credibility by leveraging the principle of social validation.“Once these connections are in place, they can launch a targeted phishing campaign. For example, it could well be used as a precursor to a CEO fraud attack, a type of attack that continues to affect more victims and lead to even greater financial losses, according to assessments by the FBI.”
Samani expressed concern that many employees are unaware of CEO fraud scams in which employees are tricked into helping cyber criminals using emails that appear to come from a CEO or another senior executive.
The survey revealed that 71.5% of 18-24 year olds had never wondered whether someone is not who they say they are on social media.
Samani said this presents a significant risk to the corporate network.
He added: “Employees often expose their own accounts – and therefore their company data – to threats without realising it.“Businesses must educate all members of staff on how to avoid common scams, including making them aware of the risks of opening unknown attachments in messages or clicking on unknown links.”
View Internet News Archive