With today’s technology criminals are able to create malicious emails that look identical to the real thing. We suggest you question everything that comes through to your inbox. One click on a harmful link is capable of causing significant business distruption and financial loss.
This week we have received alerts that scammers are now exploiting LinkedIn’ s popularity in order to fool end users. LinkedIn is a very popular site and well known to everyone in the business field. The scary thing about this week’s attacks are that they are not spoofed emails, they are really coming from LinkedIn. Hackers found a way to manipulate this website in order to attack innocent victims.
Attackers are using this website in order to attempt phishing scams. First the attacker will find someone who is associated with a well-known financial company. They then target the individual with phishing attacks in order to gain any valuable information. LinkedIn profiles can provide the attacker with the little bit of information they need to sound convincing to the target. The last few instances that occurred involved the attackers scamming employees out of their credentials. With the credentials the attackers are now able to gain network access to important data.
The scam can also work the other way. Criminals could also pretend to be a higher up at a well-known company and target individuals seeking employment. They could possibly convince someone who is vulnerable to give up valuable business information.
Phishing scams that come from LinkedIn are a major cuase for concern because most network security devices will allow legitimate LinkedIn messages through their filters because they are actually coming from the LinkedIn's servers.
The best form of defense against these types of attacks that circumvent automated security systems is user awareness. In order to prevent these types of attacks we suggest participating in our security awareness training program offered by ICS. This program is geared to find your phish-prone employees and educate them about safe email and internet practices.