Tuesday, September 1, 2020

U.S. government employees and Israeli academics: Beware phishing attacks

If you receive an unexpected message displaying this adorable kitten, would you click? Would you reply? Would you open any attachments? After all, it's just a cute kitten!


Or... is it? How do you know?

The correct answer is: You do not. 

What if you receive a flattering message from a journalist who expresses interest in your presentation abilities and shares his or her LinkedIn profile with you? Does that LinkedIn page offer credibility to the sender's real identity? 

No! 

LinkedIn unwittingly hosts countless fake profiles. Some of them are very well crafted and could fool the most seasoned cybersecurity professional. These avatars can sell for upwards $5,000 on the dark web. But, in reality, most imposter profiles are lame because they are created by lazy or amateur hackers. 

How can you tell if a LinkedIn profile is fake? Look for these in the profile:
  • lots of groups followed
  • few connections
  • little activity
  • the image is fake - upload the photo to images.google.com to find out!
  • little activity posted
  • the profile is new

For more information about an old phishing trick that has resurfaced and may be targeting you, see this article: The Iran-linked APT is targeting Israeli scholars and U.S. government employees in a credential-stealing effort at https://threatpost.com/charming-kitten-whatsapp-linkedin-effort/158813/

No comments:

Post a Comment