UK staff are putting their companies at risk of phishing attacks because they are too willing to accept friend requests from random people on LinkedIn.
A survey of 2,000 workers by Intel Security found that around 24 per cent admitted to accepting requests from people they don’t know, opening company information to hackers.
Crooks can target phishing campaigns more effectively by using the information that connections on LinkedIn offer, as it gives a good insight into the networks and connections between high-ranking executives.
Phishing attacks targeting the CEO often take advantage of this, as Raj Samani, EMEA chief technology officer at Intel Security, explained.
"Social networking sites are a treasure trove of data used by malicious actors to research potential targets for attack, not only requesting to connect with senior executives but as many junior or mid-level employees at a company as possible," he said.
"They then target senior-level execs, using their existing connections with colleagues as proof of credibility by leveraging the principle of social validation. Once these connections are in place they can launch a targeted phishing campaign.
“For example, it could well be used as a precursor to a CEO fraud attack, a type of attack that continues to affect more victims and lead to even greater financial losses.”
A recent example of this cost the CEO of an Austrian manufacturer his job (and his company $40m) after he approved a payment that he believed to have come from another senior member of staff.
Abby Ewen, IT director at law firm BLM, recently told Computing that her organisation had experienced a determined phishing attack using LinkedIn as the precursor.
"We had one this week, a scam email passed to me by a partner, and the person who sent [the scam mail] had connected with the partner on LinkedIn prior to sending the email. LinkedIn was used as the front door into the scam," she said.
Samani warned that companies should train staff to be aware of this tactic.
“Companies are falling for tricks by cyber criminals who get in contact using details skimmed from the internet to legitimise their own fake profile in order to better target businesses,” he said.
"When a person in a similar industry to us, or a recruiter, requests to connect on LinkedIn, it may look harmless, but hackers prey on this as a means to target senior-level professionals and ultimately the corporate network."