let’s make something together

Give us a call or drop by anytime, we endeavour to answer all enquiries within 24 hours on business days.

Find us

PO Box 16122 Collins Street West
Victoria 8007 Australia

Email us

info@domain.com
example@domain.com

Phone support

Phone: + (066) 0760 0260
+ (057) 0760 0560

,

The Problem with LinkedIn

  • By SouthridgeTech
  • 77 Views

By Conrad Nuccio

LinkedIn has solidified itself as the go-to professional social network. Users can create a profile, share their work history and skills, and build their own network of contacts. While great for connecting with old colleges or checking on potential hires, this kind of transparency opens the door to security risks.

The problem with LinkedIn, and all social media for that matter, is people are all too willing to disclose a ton of personal and professional information. Users can proudly exclaim that they are the head of human resources or the CEO of a company. But with this shining title, and a perfectly manicured profile page, this kind of networking puts a target on your back.

Disclosing your location, company, full name, and position allows bad actors to gather enough information to create a spoofed email address and a believable backstory. Once they have the email and backstory, they can attempt to infiltrate an organization. With minimal effort, the bad actor can see who else works at the company, a rough company structure, email layout, contacts, and other employees. This information is all critical in gaining the confidence of an unsuspecting or untrained user.

In the example below, the head of HR received an email from a legitimate user’s name, requesting to change where their direct deposit went. Luckily this client has been participating in weekly email security training and was able to spot that the email was not sent from a valid company email.

The information used to create this email can easily be found on sites like LinkedIn. In this situation, all that was needed was the user’s name, company name, and the name of the HR manager.

Another recent development in the world of LinkedIn is a major influx of fake accounts. There has been a dramatic increase in fake profiles for the Chief Information Security Officer (CISO) for several of the largest corporations. While it is still unclear what the true purpose of this is, it affects search engine results.

With all the information available on social platforms, users need to stay diligent and be aware of the information they’re making publicly available. Be aware of how easily someone could impersonate you. Remember to be diligent when an unexpected email hits your inbox, especially if it is asking for something strange.

Southridge Technology offers end-user education and advanced email threat protection. We provide training including simulated phishing campaigns and progress reports. We also offer robust and comprehensive email filtering and monitoring. Give us a call at (203) 431-8324 or drop us an email at support@southridgetech.com. We want to be in your corner.


Conrad Nuccio is a Technical Account Manager, a member of the Security Team at Southridge Technology and a self-appointed Chief Libation Officer. Conrad is originally from Hudson Valley, NY, voted most accident-prone in High school, and is a Tattoo Collector.