Cybersecurity Insight

How Your LinkedIn Profile Could Be A Security Risk

4 Sep

We all know the inherent risks of social media and hear the tales of despair. Don’t post pictures that can get you in trouble. Don’t spout off personal opinions on Twitter, or use the business profile to comment on public news. Well, now professionals, especially those in the IT world, have a new risk to worry about.

It appears cyber criminals are now using business social media to track down potential targets for their attacks.

IT professionals on LinkedIn were recently targeted by an intelligence-gathering scheme that used fake profiles to “befriend” or “connect with” IT managers and professionals from multiple companies.

The idea is that these fake profiles, run by cyber attackers, could be used to identify high-level IT professionals at certain organizations that could be the target of attacks.

A recent IT News article drew comparisons to a test run by a security firm in 2012, which created a fake LinkedIn profile resembling a new hire at a government agency. The profile connected with several members of the organization, and was then used to launch a successful attack on the organization’s IT manager.

This is just another in a long line of things to worry about when it comes to online security. LinkedIn, while a large company that makes its primary profits in other areas, is a nice tool for connecting with other professionals but doesn’t really meet the needs of many looking for jobs or real business connections. In the end, it often acts as just another website where we have personally identifiable information posted.

Screenshot of a fake LinkedIn profile
This is an example of a fake profile. Notice the vague descriptions, weird stock photo, and the odd combination of education and her “work” now.

What’s more, many profiles reflect a realism that isn’t even created by the fake account owner. For instance, LinkedIn profiles have lists of skills an individual may be good at or recommended for. Other connections or business acquaintances may “endorse” these people for certain skills. For whatever reason, many people “endorse” people they aren’t really familiar with in a business setting – and this often lends credence to a profile that may not be real.

While this seems worrisome, it will probably only affect upper-level management in certain industries, as it’s probably not in an attacker’s interest to hack every level of employee in every industry. However, the IT manager at the Department of Motor Vehicles? Now that’s a juicy treat for a cyber thief. Many would agree it would be best if we all stopped using social media, but of course, that’s a dream that won’t likely be realized any time soon. LinkedIn is a handy tool for business people to network and will not be stopped by an issue like this.