Social engineering is the practice of hackers researching social media channels and making contact with individuals within an organisation until they have the data they need to gain access to the business.
A survey of 2,000 people by Intel Security discovered that almost a quarter (24 per cent) of Brits had connected with somebody they did not know personally on LinkedIn. This could open up not only them but also the companies they work for to targeted cyber attacks, as criminals use personal information to tailor their approach.
Around two-thirds (69 per cent) of those surveyed also confessed that they had never stopped to think about whether somebody they connected with on LinkedIn was who they said they were, and this figure rises to 72 per cent for 18-24 year olds.
So what does that mean?
That those security and privacy settings on your personal LinkedIn page are actually a lot more significant than you might have thought – and that having random strangers try to connect with you on LinkedIn is not something you should be excited about.
“Social networking sites are a treasure trove of data used by malicious actors in order to research potential targets for attacks, not only requesting to connect with senior executives but as many junior or mid-level employees at a company as possible,” said Raj Samani, technology chief at EMEA Intel Security. “They then target senior level execs, using their existing connections with colleagues as proof of credibility by leveraging the principle of social validation. Once these connections are in place they can launch a targeted phishing campaign.”
As suggested above, the benefit of social engineering for hackers is that they can make the emails they send, with their phishing or ransomware payloads attached, more convincing. That makes it more likely that someone will click on a link or download an attachment, at which point the attack can begin.
Developing a policy for staff around how they should use LinkedIn in particular is highly recommended as part of your organisation’s security toolkit.
If you have questions about other steps you should take, contact us, or ask to join our security alerts group.
(Credit: Quotes in this post were sourced from this article: http://www.cityam.com/243957/your-staffs-linkedin-habits-exposing-you-cy…)