Fake Social Profiles
Fake Social Profiles – Social Engineering Trojans that attack Enterprises
Mark Hughes is an attractive and middle aged professional who has an air about him of having been there and done that and on LinkedIn profiles has more than a thousand connections that are the who’s who of the industry along with a long list of endorsements from well to do professionals in the IT industry. What’s more, he looks dapper in a Black suit and a red tie!
What people who are connected to Mark do not know is that he is not real! And his associated accounts that exist on other networks are similarly dubious and have no posts to host for a long while. Search for any other information about Mark, and you will soon find out that Mark doesn’t exist at all! And yet there are all these people in multitudes who seem to believe that Mark is a real person without knowing that an unknown hacker is probably distributing links that have malicious content through messages or better still targeting the IT industry using a social engineering campaign.
While some of us might consider this a satire and just leave it at that, the fact remains that someone made enough efforts to make their profile look legit and is probably more sinister in trying to connect with people of such repute and pedigree. Profiles like that of Mark present the challenge of a very well thought out social engineering campaign of a next generation. It is not someone who is a dud who creates this profile as people might dispose it off as but a more tactical hacker who is successful in convincing all the top brass about his fake profile and connect to his intended targets, and if he were to be so convincing to such people then imagine the level of threat such a hacker poses to all his contacts. Once someone accepts the request on social media, a hacker most certainly can steal credentials or launch a cyberattack thereby posing a serious security threat.
If you thought that Social engineering is difficulty then you are wrong, according to most security service providers and enable a hacker to enter the echelons of any company or industry and launch campaigns pertaining to phishing and malware programs or better still mine out data pertaining to the company that could be deemed as sensitive through several interactions with unsuspecting employees. The concept of social engineering remains unaddressed by traditional security measures that are employed by large MNC’s and software like anti-virus or email gateways.
Some of the social media links are malicious in nature, which means that it opens up a user to the risk of exposure to instances of social engineering and what is even more astounding is that the Sales teams or the CMO in such cases of attacks are not completely held responsible for it. Given this, the only option left with most CISO professionals is to assess risks of social media very carefully and work on hedging the same!
Although social media management tools like Hootsuite, Savvy or Feedly produce images of a very colourful marketing option that promises to reach out to the customers and connect with them, it also should get the CISOs to monitor the risks that these platforms bring to any company as the next generation of marketing tool also presents challenges that are equally severe and intensive.