Your attractive new female Facebook friend is probably a spy [RSA]
Yes, this is true: men like attractive women and that is their weakness. Aamir Lakhani, Solutions Architect, World Wide Technology, Inc. and Joseph Muniz, Consulting Systems Engineer – Security, Cisco Systems, Inc. think it’s time you understand the dangers of that weakness.
Here is the thing: this character called “Emily Williams” does not exist. She is a made-up person that managed to fool hundreds of people from top global corporations, get job offers, obtain sensitive information and receive endorsements. Oh, and yes, she was used as a platform to launch sophisticated attacks.
This is the lesson Lakhani and Muniz want you to learn: social media is a big deception and it is the latest technique attackers are using to manipulate users.
Human beings are incredibly susceptible, the duo said to the RSA conference audience. They were able to launch an attack by simply creating a “fake Facebook and LinkedIn profile to gain information using social media”. This was done through social engineering techniques that “allowed us to participate as a new hire.” In the end “we were able to gain access to logins, issued laptops, job offers and endorsements”.
The real threat was achieved through “click jacking”:
“We published a Christmas card on social networks that gave us remote access to anyone that clicked on the link. This gave us significant access to devices and data.”
Users are prompted through quizzes or cards and when they follow the prompts and click through, they are hijacked by invisible controls that give their devices and accounts over to the attackers, unbeknownst to them. Lakhani and Muniz reckon that these measures are being deployed every day by sophisticated attackers.
Lessons to learn from the Emily Williams project
Identities are a valuable commodity, protect them. Humans are naturally trusting and people use the same passwords for everything. Attractive women get special treatment in a male-dominated industry, surprise surprise.
Common security products will not protect you from social engineering threats and these threats can impact your business. Unfortunately there isn’t a silver bullet product that can protect you from a future Emily Williams.
The best you can do according to the duo is to:
- Segment the network
- Provide limited approved access
- Spread your security investments
- Attack your own network
- Use your data or it's worthless
Oh, and don’t trust every beautiful girl who wants to be your friend on Facebook or LinkedIn.