Establishing Digital Trust: Don't Sacrifice Security for Convenience
Bitdefender researchers recently received a LinkedIn message from a user identifying himself as Aziz Mohammed, a manager at Malaysia's Standard Chartered Bank. The LinkedIn user's profile appeared to have been built using the photo and profile information from the LinkedIn profile of the real Aziz Mohammed.
The scam message itself was relatively straightforward, asking the user somewhat vaguely to "set up a legal business relationship" by responding directly to a yahoo.com e-mail address.
To bolster his own legitimacy, the attacker had also set up a fake Facebook profile for Aziz Mohammed -- though he'd used an AP photo of former Secretary of State Colin Powell as Mohammed's profile picture.
Bitdefender's Bogdan Botezatu notes that messages sent via LinkedIn generally carry more weight than simple e-mails. "LinkedIn profiles are used by business people from around the world to find opportunities and get in touch with other people for business purposes," he writes. "Shortly put, people perceive LinkedIn as a trustworthy source: if one contact’s job is listed there, it must be real, right? No. LinkedIn does not validate the position or company a person claims to work in, like Facebook does, for instance."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
The lesson, Botezatu says, is simple: don't jump into any business opportunity via e-mail, even if it seems to come from a legitimate source. "If the conversation involves financial or personal information, call the company and ask for the person to discuss the matter via phone, or schedule a face-to-face meeting," he writes.