A recent web seminar by Computing revealed that LinkedIn now is being considered a front door access for potential phishing attacks in order to encourage careless users to open malicious emails and their links. Now LinkedIn isn’t in itself the issue here, it is more the way people act that is and in combination with already available information.
We mostly see DDoS and similar attacks make the headlines, but phishing is now considered to be the top threat to businesses and it is constantly increasing in severity. The attacks use novel methods to make potential victims feel comfortable before they send their malicious payload. LinkedIn is now being used in a big fashion as that entry point. This is where hackers make the first contact with potential victims. After an initial trust has been built, it is far more likely for a victim to click a malicious link without double checking what it will do. Another reason that phishing has grown as a method of attack is that it doesn’t take any skill at all to do so. Anyone with bad intentions can do it.
One of the examples given at the seminar was from the law firm BLM that continuously is a target of phishing attempts. For example, they have had both email and phone calls attempting to extort money by someone purporting to be the CFO, and they very often originate from LinkedIn contacts.
Not all phishing attacks are as sophisticated, but they’re still very effective because people have developed a click mentality for their inbox. An example for this was given too. In one day they received 2500 copies on the same email in 10 minutes that seemed to come from the department of motor vehicles, and people just clicked the included link, no questions asked. Even though the email had a specific registration number listed, people still clicked it despite not being one they own. One person even clicked it not owning a car at all. Luckily BLM runs everything in a sandbox and these things are caught, but there are still a lot of companies that don’t take this threat seriously.
In most instances phishing can be combated with common sense, but in a world as busy as ours, common sense is often turned off in exchange for productivity.
Personally, I’ve seen a big rise in SMS fishing lately and I regularly get suspicious messages from numbers and names that appear to be genuine – but on close inspection they never are.
Image courtesy of Hotspot Shield