We’ve all had it happen, right? You’re asked to accept an invitation on LinkedIn or some other social networking site and the sender’s name doesn’t ring a bell. You think maybe their name has changed through marriage, or you wonder, “Is that Joe, the guy down in accounting from 12 years ago?” You don’t want to seem like a jerk, so you accept and proceed to forget all about it.
So what’s really going on here? Well, it could really be Joe from accounting or it could be someone pushing into your circle of trust so they can mine for information. Often people post far more information about themselves on social networking sites than is prudent.
“When people make trust decisions with social networks, they don’t always understand the ramifications. Today, you are far more knowable by someone who doesn’t know you than ever before,” says Dr. Hugh Thompson, program chair of RSA Conferences, Founder and Chief Security Strategist at People Security. “Password reset questions are so easy to guess now, and tools like Ancestry.com, while not created for this purpose, provide hackers with a war chest of useful information.”
Also, it may not be all about you. More cases are coming to light where the bad guys target not only the executives of a major corporation, a method known as “whaling,” but also their spouses. The hope here is that the shared home PC is not well protected and could provide an entry point for compromising the executive and gaining access to the target company.
The takeaway here? Be very careful about who’s in your social networking circle of trust, and be sure to limit the information you make available that might be used in ways you never anticipated.