Categories
Computer & Network Security|Information Security|Social Engineering>Phishing|Compliance>Privacy

LinkedIn Profiles: Ripe for phishing recon

The author notes that LinkedIn has “…more than 259 million members—many who are highly paid professionals in technology, finance, and medical industries—LinkedIn holds a wealth of personal data that can prove highly valuable to people conducting phishing attacks, identity theft, and similar scams.”

Many times there are legitimate business reasons to post identifiable information such as email, phone, etc on LinkedIn.  Is it necessary to add things like date of birth or address?  Users must keep in mind the type of information they make available and what it could be used for.

Additionally, do you ‘know’ each of your contacts?  How many times do you get a connection request from someone you don’t really know, but feel like it could be beneficial to connect to?  A previous post references a targeted phishing attack through LinkedIn.  These situations continue to emphasize the need for users to become aware of what information they make available regardless of the perceived trust of the system in use.

Source: http://arstechnica.com/security/2014/01/hackers-use-amazon-cloud-to-scrape-mass-number-of-linkedin-member-profiles/