A cybersecurity LinkedIn post about a job posting has reportedly turned into a potential phishing scam, and similar incidents are more common than one might think.
How and why cyber attackers target new hires
For example, a company hired an intern and gave him office keys, internet access and an email address, although he also used a personal email account and mobile phone at work. Depending on the size of the business, if you use multi-factor authentication, new hires will also need a two-factor authentication app on their phone, or a phone issued for work. New hires may be busy for a while, because there are many new technologies to learn and use. This can be overwhelming and stressful, as new employees are eager to fit in and adapt to the work environment.
This is also when cyber attackers try to take advantage, looking for new hires eager to perform well. They target new employees while they are still adjusting to the corporate work environment. Some of the emails sent to them looked normal at first. For example, a cyber attacker sent an email asking an intern to help quickly complete a project; the email said business managers were holding a closed-door meeting and asked for the task to be completed quickly. It ended by asking the new employee to forward his mobile number as soon as possible.
How do cyber attackers learn about new hires? They start with the tools employees use for business contacts and take a more personalized approach to phishing. By monitoring business websites such as LinkedIn, cyber attackers linked a newly hired accounting intern to a partner in the business. They then sent an email that appeared to be from the partner, asking the intern to help them. Again, they asked new employees to provide their mobile numbers so they could send text messages.
The emails reached the company’s business mailboxes multiple times, but mail filtering tools did not identify them as spam or as phishing lures. They did not contain enough triggers and completely bypassed the company’s existing email and endpoint detection and response (EDR) measures.
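The lure described above combines a colleague's name, time pressure, a sender who cannot be reached, and a request for a mobile number. The following sketch is an added example, not part of the original article, of a mail-gateway heuristic that scores that combination; the company domain, staff names, phrase lists and sample messages are constructed assumptions, and it assumes the impersonating mail arrives from an address outside the company domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions, constructed for this example: domain, staff list, phrase lists.
COMPANY_DOMAIN = "example-corp.test"
STAFF_NAMES = {"dana whitfield", "lee moran"}  # partners and managers
SIGNALS = {
    "urgency": re.compile(r"\b(urgent(ly)?|quick(ly)?|as soon as possible|asap)\b", re.I),
    "sender unreachable": re.compile(r"\b(closed-door meeting|in a meeting)\b", re.I),
    "asks for phone number": re.compile(r"\b(mobile|cell|phone)\s+number\b", re.I),
}

def score_message(raw: str) -> dict:
    """Return the lure signals found in one single-part, plain-text message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    # A colleague's name on an address outside the company domain.
    spoofed = display.strip().lower() in STAFF_NAMES and domain != COMPANY_DOMAIN
    reasons = [name for name, rx in SIGNALS.items() if rx.search(body)]
    if spoofed:
        reasons.insert(0, "staff display name on external address")
    # No single phrase is damning; hold only when impersonation is combined
    # with at least one pressure signal.
    return {"from": addr, "reasons": reasons, "hold": spoofed and len(reasons) >= 2}

# Constructed sample messages (not real mail).
LURE = """\
From: Dana Whitfield <dana.whitfield@partner-mail.test>
To: intern@example-corp.test
Subject: Quick task

I am in a closed-door meeting and need your help to quickly finish a project.
Please send me your mobile number as soon as possible.
"""
BENIGN = """\
From: Lee Moran <lee.moran@example-corp.test>
To: intern@example-corp.test
Subject: Onboarding

Welcome aboard. Your laptop is ready at the front desk.
"""

if __name__ == "__main__":
    for sample in (LURE, BENIGN):
        print(score_message(sample))
```

Messages that are held can be routed to a banner or review queue rather than dropped, since each phrase on its own also appears in legitimate mail.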
Cyber attackers target Uber and Twilio employees
The recent Uber breach apparently came after a cyber attacker tricked an administrator into approving a fake multi-factor authentication (MFA) request. Cyber attackers have used WhatsApp to ask administrators for more information, gain their trust and persuade them to approve MFA requests. It is unclear whether the cyber attackers used social media tools to obtain more information.
Twilio recently revealed that cyber attackers targeted its employees and were able to match the names from their sources to phone numbers. Cyber attackers can use publicly available databases to establish one-to-one matches for the targets they attack.
How to mitigate social media-induced attacks
Rachel Tobac of SocialProof Security confirmed on Twitter that cyber attackers are using commercial tools to target large and medium-sized businesses. She suggested that, instead of listing employees or recruiting new employees on LinkedIn, businesses use data deletion services to remove information from databases maintained by LinkedIn and other companies, and make sure data protection is working well.
From the standpoint of a recipient of data deletion requests, a deletion request may expose more information than was originally in the database. A site may hold only an email address, but a data deletion request also exposes the user’s full name. Consider the reputation of the website and its track record of data deletion. There is so much information on the Internet these days that it is not really possible to remove all of it from the web.
When businesses hire new employees, they should make them fully aware of these types of attacks and the risks to the business. Urge new hires not to post about new jobs or positions related to them, or to limit posting to trusted contacts only. Employees should know exactly which methods the business will use to communicate with them. Have your organization’s information security team run “what-if” tabletop exercises to ensure employees know how to respond appropriately to security prompts. And make them aware that cyber attackers could target anyone in the business.