I use Facebook almost exclusively for personal use to connect with friends, family, or business acquaintances, while Twitter is for news and commentary I find interesting. On the business-focused LinkedIn, however, I’m more liberal when it comes to connection requests.
I reason that since the Microsoft-owned LinkedIn is for business networking, the more people I network with, the better it will be for my career and business relationships. I suspect that millions of LinkedIn users take the same approach.
However, I recently was made aware of a report from Dell-owned cyber-security firm SecureWorks. Its Counter Threat Unit (CTU) observed phishing campaigns targeted at the Middle East and North Africa that used a fake persona named Mia Ash to deliver PupyRAT, an open-source, cross-platform remote access Trojan.
In short, this report reveals that a known Iranian hacker group called Cobalt Gypsy created a fake profile of a woman named Mia Ash, who claimed to be a celebrated photographer. When I looked at Mia Ash’s profile, it looked like many I’d connected with on LinkedIn or Facebook over the years.
The goal of the fake Mia Ash profile was to connect with individuals who were inside legitimate companies in the Middle East and trick them into opening a Word document via their company’s email. That would deliver the PupyRAT Trojan, infecting the company’s network and potentially allowing the hackers entry to steal information.
Some years ago, Cobalt Gypsy used LinkedIn to spread malware-laden job applications. In that case, the fake persona was someone called Timothy Stokes, who said he was a recruiter for a well-known company.
I have also had suspicious requests on Facebook. A recent one came from a person who claimed to be CEO of a Minnesota company, but when I looked up the company, it did not exist.
I’m the last person to discourage anyone from being active on social media. LinkedIn, Facebook, Twitter, and others are legitimate ways to make connections and develop relationships. However, after reading about Mia Ash, I will carefully vet connection requests on LinkedIn.
I suspect that social media will be used more and more for phishing schemes. These two instances focused on the Middle East, but in talking to other security companies, I’m told that similar scams are becoming more common in the US. They use the same approach—befriend a person and, over a few weeks or months, get them comfortable with communicating and sharing personal information. At some point, the scammers will say they have a friend who is a recruiter and suggest the target send a resume—from the target’s corporate email. Then, once the “fake” person can reach the target through a corporate email address, they ask the target to open a malware-laden document, putting a company network at risk.
If you work for a company that uses social tools like LinkedIn, SecureWorks says your company should have a system in place whereby you can report any unusual or suspicious activity you receive from an unknown third party. It also suggests that individuals or organizations disable macros in Microsoft Office to mitigate the threat posed by malicious documents.
For consumers of all types, I highly recommend they be very cautious about whom they friend on any social media and never open a document from anyone unless it comes from a person they know and trust.