Targeted Attack Using Social Networking Websites

A LARGE REAL ESTATE FIRM HAS REPORTED AN INCIDENT OF BEING A VICTIM OF A TARGETED ATTACK

A large real estate firm has reported an incident of being a victim of a targeted attack. In this case only five employees were targeted, specifically employees that handled the organization's finances. Two were in cash operations, two in accounts payable, and one in treasury/finance. The targeted employees received a social engineering email that contained a malware. All five employees had profiles on LinkedIn that included their job titles that clearly determined that they had access to the firm’s banking information. This means any threat could harvest LinkedIn and determine whom to specifically target at the organization.

By targeting a very small percentage of the organization, attackers can more easily evade detection. If the email was sent to all employees the targeted organization would have most likely detected the attack.

Tip: Do not post confidential information such as your job title on your social networking account.