8.3 Impersonation on Social Networking Sites

Social Engineering Through Impersonation on Social Networking Sites

  • Malicious users gather confidential information from social networking sites and create accounts in others' names.
  • Attackers use others' profiles to create large networks of friends and extract information using social engineering techniques.
  • Attackers try to join the target organization's employee groups where they share personal and company information.
  • Attackers can also use collected information to carry out other forms of social engineering attacks.

Social Engineering on Facebook

  • Attackers create a fake user group on Facebook identified as "Employees of" the target company.
  • Using a false identity, the attacker then proceeds to "friend," or invite, employees to the fake group "Employees of the company."
  • Users join the group and provide their credentials, such as date of birth, educational and employment backgrounds, spouses' names, etc.
  • Using the details of any one of the employees, an attacker can compromise a secured facility to gain access to the building.

Social Engineering on LinkedIn and Twitter

  • Attackers scan details in profile pages. They use these details for spear phishing, impersonation, and identity theft.

Risks of Social Networking to Corporate Networks

  • Data Theft: A social networking site is an information repository accessed by many users, which increases the risk of information exploitation.
  • Involuntary Data Leakage: In the absence of a strong policy, employees may unknowingly post sensitive data about their company on social networking sites.
  • Targeted Attacks: Attackers use the information available on social networking sites to perform a targeted attack.
  • Network Vulnerability: All social networking sites are subject to flaws and bugs that in turn could cause vulnerabilities in the organization's network.
