We all know that LinkedIn is a fantastic social media tool that helps you grow and maintain your professional network, keep in touch with colleagues and connect with new contacts that you’d like to speak to.
However, when considering whether to accept a connection request from a stranger, have you ever stopped to think if this stranger could be a ‘hacker’ or a ‘bot’?
We caught up with Dave Higgs, our information security lead at Opus, to find out why you need to be vigilant when accepting requests from strangers and what checks you can make to ensure a contact is legitimate.
“It’s great to have a far-reaching network on LinkedIn, especially for those who are connecting with each other to do business,” Dave comments. “But you should still be vigilant when accepting connections from people you don’t know, as there are bots, fraudsters and hackers out there that are spreading misinformation or trying to gather information in order to exploit companies, their employees and customers.”
The issue is very real. Just recently a BBC article entitled ‘How your personal data is being scraped from social media’ reported how hacker Tom Liner compiled a database of 700 million LinkedIn users from all over the world by scraping their profiles, which he sold for around $5,000.
In Dave’s experience, hackers are definitely targeting businesses, their employees and their suppliers, looking for the weakest points of entry. Dave explains, “As a hacker, you would use fake social media accounts to conduct OSINT (open source intelligence) research on your target.”
The risk is that if you accept a connection from such an account, the attacker can see more of your profile than a stranger would normally be able to see, and that information can then be used to map and target your organisation for an attack.
It’s not just LinkedIn that you need to be vigilant with. Dave adds, “Information on other social media accounts like Facebook is particularly useful to a hacker when it comes to guessing or cracking passwords. For example, do you have information about family members or personal information about important dates on your social media that you use to construct passwords?” “This is also why it’s important to use two-factor authentication on whatever accounts you can, and to have a password manager,” stresses Dave.
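To show why the details above matter to a password guesser, here is an added example (written for this page, not Dave’s or Opus’s own tooling) in the style of wordlist profilers such as CUPP. It takes a constructed, fictional profile of the kind of facts people post publicly (a partner’s name, a pet, a wedding date, a favourite team) and expands them with the habits people actually use when they build a “memorable” password: capitalisation, leet substitutions, date fragments and a trailing `!` or `123`. It then checks a SHA-256 hash of a password against that candidate pool. SHA-256 is used only so the block runs offline; the point is that the pool is a few thousand guesses, not the billions a random password would need.

```python
"""OSINT-driven password candidate generation (illustrative, constructed data)."""
from datetime import date
import hashlib
import itertools

# Constructed sample profile: invented names and dates, not a real person.
PROFILE = {
    "names": ["Dave", "Sarah", "Max"],                 # self, partner, pet
    "dates": [date(1985, 3, 12), date(2010, 6, 21)],   # birthday, wedding
    "keywords": ["Arsenal"],                           # team, employer, etc.
}

# Common "strengthening" substitutions people apply by hand.
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})
SUFFIXES = ["", "!", "1", "123", "!1"]


def sha256_hex(text):
    """Hex SHA-256 of a string (placeholder for whatever hash you recovered)."""
    return hashlib.sha256(text.encode()).hexdigest()


def date_fragments(d):
    """Date forms people typically append to a password: 1985, 85, 1203, 120385, 12031985."""
    return {
        f"{d.year}",
        f"{d.year % 100:02d}",
        f"{d.day:02d}{d.month:02d}",
        f"{d.day:02d}{d.month:02d}{d.year % 100:02d}",
        f"{d.day:02d}{d.month:02d}{d.year}",
    }


def mangle(word):
    """Case variants of a token, each also in its leet-substituted form."""
    variants = {word, word.lower(), word.capitalize(), word.upper()}
    variants |= {v.translate(LEET) for v in list(variants)}
    return variants


def candidates(profile):
    """Combine every token (and name+name pair) with every date fragment and suffix."""
    words = set()
    for token in profile["names"] + profile["keywords"]:
        words |= mangle(token)
    for a, b in itertools.permutations(profile["names"], 2):
        words |= mangle(a + b)          # e.g. "DaveSarah", "MaxDave"
    frags = {""}
    for d in profile["dates"]:
        frags |= date_fragments(d)
    return {w + f + s for w in words for f in frags for s in SUFFIXES}


def crack(target_hex, profile):
    """Return the candidate whose SHA-256 matches target_hex, or None if none does."""
    for cand in candidates(profile):
        if sha256_hex(cand) == target_hex:
            return cand
    return None


if __name__ == "__main__":
    # Constructed "victim" password: partner's name + wedding year + "!".
    target = sha256_hex("Sarah2010!")
    pool = candidates(PROFILE)
    print(f"{len(pool)} candidates generated from the profile")
    print("recovered:", crack(target, PROFILE))
```

A real cracker would run this against a slow hash or a live login with rate limiting, which is exactly where two-factor authentication and a manager-generated random password break the approach: the first stops a recovered password from being enough, the second takes the password out of the profile-derived space entirely.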
The connection looks genuine, and it looks like someone you might want to speak to about a business opportunity; after all, they have the right job title and work in an industry you really want to crack. But how do you decide whether to accept the connection request or not?
We asked Dave, an ‘ethical hacker’ himself, what his quick checklist is when he decides whether a connection is genuine or could potentially be a hacker.
“When I receive a request from someone I don’t know, I look at their profile and go through the following …”
1. Does their job role align with what I do or want to do?
“In my experience the last point is usually the biggest ‘tell’ on a fake account.”
“Bots and hackers continually spin up new accounts or are managing a lot of accounts, so they are usually inauthentic and flawed in some way,” explains Dave.
“For example, they could have few connections but lots of posts that are just sharing pages or videos with no added opinions, or generic comments that are just ‘wow’ or ‘look at this’; or lots of connections but posts that only go back a few months. Both might be suspicious. Likewise, if a contact uses poor grammar and/or doesn’t have a bio, are they who you think they are?”
It seems that being your own private detective and taking the time to keep one step ahead of a potential security threat is crucial. Dave wants to make sure his connections are aware of the possible dangers in accepting invitations from people they don’t know on social media. He feels that if you start to use the process he outlines, you will build up a very good gut instinct for when something doesn’t feel right.
At Opus we are passionate about educating people about the security risks such as the one we’ve outlined here with social media. Within our Together™ range, our Opus Secure services provide you with valuable consultation services to guide you on your security journey and tools to keep all your essential data and systems secure and compliant.
Whatever you are looking for when it comes to security, Opus is here to support you with advice, training and consultation to help you identify and mitigate risks that could impact the operation of your organisation.
If you’d like to speak to our experts and get advice on all aspects of your organisation’s security, as well as receive information on the latest attack trends and what you can do to protect yourself now and in the future, why not book a free, no-obligation consultation today.
About Dave Higgs:
Dave has over 10 years’ experience in solution design, architecture and implementation. He sits on the Opus Information Security Team as information security lead and is an ethical hacker.