Intel Security has urged organizations to educate employees about the dangers of over-sharing on LinkedIn after new stats claimed nearly a quarter of Brits have connected to someone they don’t know on the social site.
The security firm polled 2000 UK-based 18-54-year-olds and found that over one in five had allowed a stranger to access their details by accepting a connection request.
Even more concerning was that over two-thirds (68.7%) admitted they had never wondered if someone is not who they say they are on the business networking site – a figure which rose to 71.5% in the 18-24-year-old age category.
Black hats are increasingly looking to sites like LinkedIn to harvest information on employees and their roles within a company, which they can then use to make spear phishing attacks – often the first stage in a targeted attack or APT – more convincing and effective.
They could also be the precursor to a whaling attack – where a scammer typically emails a member of the finance team pretending to be a CEO or CFO and requesting the transfer of funds outside the organization to an account in another country.
Often the cyber-criminal will pretend to be a recruiter or someone else in the same or similar industry, which can be enough to trick victims into accepting the connection request, explained Intel Security EMEA CTO, Raj Samani.
"Social networking sites are a treasure trove of data used by malicious actors in order to research potential targets for attacks, not only requesting to connect with senior executives but as many junior or mid-level employees at a company as possible," he added.
"They then target senior level execs, using their existing connections with colleagues as proof of credibility by leveraging the principle of social validation. Once these connections are in place they can launch a targeted phishing campaign."
Samani urged organizations to include LinkedIn security and privacy tips in employee awareness and training programs in a bid to counter the threat.