International Cyber Expo International Cyber Expo
  • About Us
Tuesday, 14 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Best Security Practices to Prevent Costly Social Engineering Attacks

by The Gurus
August 17, 2016
in This Week's Gurus
Share on FacebookShare on Twitter

Although social media is a powerful tool for professionals and businesses, it is also an equally powerful tool for cyber criminals. The same information used to express your personality and background can be used by cyber criminals to exploit personal and business vulnerabilities through elaborate social engineering schemes. And it’s happening far more often than one might expect.
BrandProtect security experts recently analyzed Fortune 100 CEO Twitter and LinkedIn accounts to identify duplicate or copycat accounts. 40% of Fortune 100 CEOs on Twitter had profiles flagged as possible copycat accounts. On LinkedIn, 15% of Fortune 100 CEOs are represented by multiple LinkedIn profiles. These accounts represent a risk – to the executive, and to the business.
Of course, parody on Twitter has become an art. Political leaders are often imitated in numerous parody of satire accounts. Donald Trump, for example, has inspired more than 90 parody Twitter accounts. But he is also imitated by no fewer than 56 other twitter accounts that present themselves as legitmate accounts (Hillary Clinton has 17 similar imitators). Handles like realDonaldTranp, keelDonaldTrump, reaIDenaldTrump, realDonoldDrump, and realDonaldTruvp are easy to look past, giving schemers a chance to confuse the electorate with their posts.  All it takes is one viral retweet to start spreading misinformation.
Cyber criminals use public information already existing online to steal an identity or biography.  While some accounts are completely fake, masquerading as a recruiter with a stock photograph and invented resume, duplicate accounts are even more dangerous.  They look identical to the real thing, presenting the guise of an actual trusting relationship. And these connections can quickly grow, providing the criminal access to a wide network of contacts. Armed with access to email accounts and features like InMail, criminals send out dangerous links from the fake trusted source, leveling a devastating email-based attack within the organization.
How Attacks Happen:

  1. Social engineers mine social sites for professionals’ life details, work histories and key words to plausibly assume any identity.
  2. Hives of imposter accounts generate bogus endorsements, recommendations and contacts to increase credibility. Bogus affinity pages and groups can further attract potential contacts.
  3. The cyber criminals use connections with legitimate profiles to mine increasingly personal information, including workgroup information, names and nicknames of colleagues and peers.
  4. Attackers identify reporting structures, ongoing projects, and “inside information” like work and vacation schedules.
  5. The criminal crafts a seemingly legit email that can be used in a spear phishing/BEC attack, ransomware, or whaling scheme.
  6. The email is sent to a logical target, apparently from a trusted and authoritative source. The email will talk knowledgeably and casually about company issues. It will then request or demand an action of the reader – money or information transfer, network access, or opening a malware or ransomware-laden file.

How Security Teams Can Fight Back
These simple steps minimize the financial, reputational and operational risks caused by masquerading accounts:

  • Identify duplicate domains that represent real company employees and investigate further to verify if they are a threat.
  • Look for, review, and validate other LinkedIn profiles that claim an association you’re your company. Any rogue accounts should be reported immediately.
  • Evaluate LinkedIn groups, including alumni groups and affinity groups connected to the company. When an unauthorized social domain is identified, it should be shut down.

How Individuals Can Fight Back
Individuals can take proactive steps to protect themselves and their businesses.  Here are three simple ways to prevent social engineering:

  • When a stranger asks to connect online, ask yourself if you know them and how many common connections they have.
  • Scrutinize connections from peers and colleagues you previously have connected with. These are likely the work of a spoofer or a social engineer. Search for your friend’s actual profile.  If you are suspicious, you should report the profile to the site.
  • Be vigilant about potential attacks. Emails, particularly urgent requests and strange stories should be verified. Before you click, you should proactively investigate the requests legitimacy.

Socially engineered attacks continue to be profitable for cybercriminals, but they are preventable. Spreading awareness of social engineering is an easy first step to save your company millions.
 
About The Author
Greg Mancusi-Ungaro is the chief marketing officer for BrandProtect, a leader in cyber threat monitoring, intelligence and mitigation services. He is a frequent author and speaker, and a constant evangelist on cyber security issues, the changing nature of the modern threat landscape, and the emerging technologies that look beyond the perimeter to drive enterprise defenses against cyberattack. He blogs regularly on cyber threat and cyber security at info.brandprotect.com. For more information, email Greg.

ShareTweet
Previous Post

Highlights From Google’s Latest Transparency Report

Next Post

New Research Shows More than 30% of Employees Put Their Companies at Risk of Data Breach Due to Phishing Attacks

Recent News

AI Appreciation Day: Celebrating Progress, Embracing Responsibility

AI has crossed from assistant to operator, Check Point research warns

July 14, 2026
Q&A: Cyber’s Headed Back to the CSIDES

Q&A: Cyber’s Headed Back to the CSIDES

July 13, 2026

UK Cyber Attacks Climb 34% as Ransomware Leadership Shifts, Check Point Research Reveals

July 13, 2026
Cyber Shield

UK Government Unveils AI Powered Cyber Shield to Strengthen National Cyber Defense

July 10, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol