Page 30 - Cyber Warnings
P. 30
Enterprises and Individuals – Stay Ahead of Social Engineers on
Social Media
Greg Mancusi-Ungaro, BrandProtect
Whether you are running for president, running a business, or just a runner, your online
presence and personality – as expressed by your social media and social networking activity –
is a powerful tool that you can leverage for success.
But that same online presence creates personal and business risk and vulnerability that cyber
criminals are only too happy to exploit.
Recent analysis by security firm, BrandProtect, found that more than 15% of Fortune 100 CEOs
with LinkedIn accounts are represented by multiple LinkedIn profiles. Almost 40% of Fortune
100 CEOs on Twitter are plagued by at least one duplicate or copycat account.
Presidential candidate Donald Trump is spoofed, admired, supported and derided by over 90
copycat twitter accounts.
Even though it seems easy to dismiss these duplicate accounts as harmless (or in the case of
Trump, as entertaining) the existence of these accounts creates risk for their namesakes.
Duplicative accounts, on LinkedIn, Facebook, and Twitter are often the creation of cyber
criminals seeking to socially engineer their way into an organization or a position of trust.
These accounts, and other kinds of fake accounts act to capture information that they may
unleash in a devastating email-based attack.
Here is how they do it…
Every day, cyber criminals are active on sites from LinkedIn to, using various techniques to
mine the treasure trove of profile information for social engineering and exploit planning.
Basically, the perpetrators steal an identity or biography, and leverage it to gain more and more
information about a targeted enterprise.
1. It’s easy for a social engineer to assume practically any identity they want, and then
work to make that identity look plausible and trustworthy. They mine social sites for the
life details, work histories and key words that they use to create fictitious profiles.
2. Hives of imposter accounts will generate bogus endorsements, recommendations and
contacts for one another, giving them increased credibility. Sometimes affinity pages and
user groups get created. The criminals then use these fake accounts and groups to
30 Cyber Warnings E-Magazine – July 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
