
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Social Engineering and connection requests on LinkedIn

October 31, 2018 By Sylvain LeJeune

A stranger is connecting with you on LinkedIn? Beware.

When a total stranger comes out of the blue with a request to connect without any form of introduction on LinkedIn, I systematically ignore it. And so should you. And by the way, this is not only from a pure IT security standpoint. More broadly, I want to build a meaningful network of contacts. Quality should prevail over quantity. Having a network of 800-1,200 people I have talked to (at a minimum) wins over having a network of 8,000 – 10,000 I have never engaged with at all.

Now, more specifically, on social engineering and IT security: LinkedIn is a fantastic professional social media platform BUT it is also a great discovery platform for the purpose of social engineering AND an attack vector to break into your employer via phishing, spear phishing and whaling.

Facts:

  • LinkedIn is a treasure trove of data which is used by malicious actors to research potential targets for attack
  • Fraud actors and cyber criminals are leveraging LinkedIn to initiate various types of scams, deploying social engineering, phishing, spear phishing and whaling campaigns against all of us who are legitimate LinkedIn users

What is the fraud actor’s ultimate goal?

Unequivocally, it is to infiltrate your organization’s systems by bypassing the security solutions implemented by your IT Team or your IT Managed Services Provider.

Once the fraud actors have gained access to your computer, they can then move laterally inside your employer’s systems. All options are then open depending on their motive: steal data, encrypt files, take over computing resources, mine cryptocurrencies on your computer, or steal cash through a CEO fraud/business email compromise scheme.

How do they do it?

Phase 1 – Establishing Trust Factor and Social Validation. Cyber Reconnaissance.

There is an implicit faith that all accounts on LinkedIn are legitimate. Additionally, it tends to look harmless when a person working in a similar industry to you, or who has common connections with you, or a recruiter makes a connection request.

Well, this is when trouble starts.

Fraud actors and cyber criminals are experts at:

  • Building social validation
  • Making the most of a proof of credibility with their existing connections and common connections
  • Cyber reconnaissance: this is about target selection and spying. Gathering as much information about the target as possible, beginning with passive and moving towards more aggressive active reconnaissance.

They get to know you very well, your network, possibly your business trips and destinations, the name of your boss and colleagues, and they build an entire profile of you.

It makes Phase 2 (the actual hit) very credible, worthy of belief and compelling. This is why probably 90% of the time is spent in Phase 1 doing research and making preparations for what is to come next.

Phase 2: the attack itself or “the hit”.

Cyber criminals can launch a targeted phishing campaign with a phishing email containing a malicious link. They can also be more targeted with spear phishing or whaling emails (thanks to LinkedIn’s trusted InMail feature) without even the need to be connected to that LinkedIn member.

Finally, in some cases, fraud actors can use the good old phone: a whaling email can be followed up with a phone call confirming the email request.

In any case, Phase 2 is short and to the point. Spending more time doing research during Phase 1 increases the success rate of Phase 2.

Bottom line:

  1. Do NOT accept connection requests from strangers you have not met or talked to on LinkedIn. Period.
  2. Connecting seems harmless, but you face the risk of getting into trouble and becoming another victim of social engineering.
  3. My network should be an asset, not a potential liability.


Filed Under: Editorial Articles


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.
