Your attractive new female Facebook friend is probably a spy [RSA]

Facebook Home coverfeed


Yes this is true: men like attractive women and that is their weakness. Aamir Lakhani, Solutions Architect, World Wide Technology, Inc. and Joseph Muniz, Consulting Systems Engineer – Security, Cisco Systems, Inc. think it’s time you understand the dangers of that weakness.

Here is the thing: this character called “Emily Williams” does not exist. She is a made-up person that managed to fool hundreds of people from top global corporations, get job offers, obtain sensitive information and receive endorsements. Oh and yes, she was used as a platform to launch sophisticated attacks.

This is the lesson Lakhani and Muniz want you to learn: social media is a big deception and it is the latest technique attackers are using to manipulate users.

Human beings are incredibly susceptible, the duo told the RSA conference audience. They were able to launch an attack by simply creating a “fake Facebook and LinkedIn profile to gain information using social media”. This was done through social engineering techniques that “allowed us to participate as a new hire.” In the end, “we were able to gain access to logins, issued laptops, job offers and endorsements”.

The real threat was achieved through “click jacking”:

“We published a Christmas card on social networks that gave us remote access to anyone that clicked on the link. This gave us significant access to devices and data.”

Users are prompted through quizzes or cards and when they follow the prompts and click through, they are hijacked by invisible controls that give their devices and accounts over to the attackers, unbeknownst to them. Lakhani and Muniz reckon that these measures are being deployed every day by sophisticated attackers.

Lessons to learn from the Emily Williams project

Identities are a valuable commodity, protect them. Humans are naturally trusting and people use the same passwords for everything. Attractive women get special treatment in a male-dominated industry, surprise surprise.

Common security products will not protect you from social engineering threats and these threats can impact your business. Unfortunately there isn’t a silver bullet product that can protect you from a future Emily Williams.

The best you can do, according to the duo, is to:

  • Segment the network
  • Provide limited approved access
  • Spread your security investments
  • Attack your own network
  • Use your data or it’s worthless

Oh, and don’t trust every beautiful girl who wants to be your friend on Facebook or LinkedIn.


