“Pippi Longstocking follows you and invites you to connect.” If you don't recognize this text, then
you are one of the few readers who are not on LinkedIn, I think. If you are a
member, then I have two questions for you: how do you respond to such invitations
and how would you respond better?

For your convenience, the invitation mentions that you and Pippi have some mutual friends: Tommy and
Annika. That should serve as a kind of reference. However, I don't trust that,
especially since I once asked a colleague how he knew such a Tommy or Annika.
“Who?” was his telling response. Many people blindly click the button to
befriend the new contact.

LinkedIn, the Facebook for professionals, like all social networks, benefits from a growing number of
members. They therefore make it extra tempting to click on 'yes': Pippi only
asked if you wanted to be friends, LinkedIn added Tommy and Annika on their own
initiative. But who is that Pippi anyway? You can already view her profile
before accepting her friendship. If Pippi Longstocking, as we all know her,
were on LinkedIn, her profile would look something like this. Job Title: Boss.
Company: Villa Villekulla. Education: none. Knowledge: everything. Skills:
being strong and rich. Number of connections: millions.

On LinkedIn I found three accounts under the name Pippi Longstocking. Those accounts have a lot in
common: one or no followers, never posted a message, no photo and an otherwise very empty
profile. One of them claims that she graduated from Harvard Business
School in 2016 and is the founder of a candy factory in Kansas. Number two is
the boss of a sportswear and accessories company in California and the third is
a self-employed menu planner in England.

I have no idea what the point of these accounts is, but I do have an idea of what one can do with
fake accounts. The platform has been reported as a highly prominent tool for phishing
by cybercriminals. LinkedIn explains it this way: “Fraudsters may use a practice
called phishing to try to obtain your sensitive data such as usernames,
passwords, and credit card information. These fraudsters impersonate legitimate
companies or people, sending emails and links that attempt to direct you to
false websites, or infect your computer with malware.” And they provide even more
information and examples of LinkedIn-related phishing.

The three Pippi accounts I found are far too bare-bones to be used for phishing purposes. Real
fake accounts usually contain an impressive profile, which makes them appear
realistic. The photo shows a pretty young lady rather than an ugly guy. And
often those photos are fake too: last year, researchers at the Stanford Internet
Observatory discovered more than a thousand artificial intelligence-generated
profile photos on LinkedIn. Sigh – now you not only have to recognize phishing
mail, but you also have to learn to recognize AI photos. And that's not easy,
especially with stamp-sized photos. In addition, fake accounts paint the image
of a highly experienced professional in your field. Basically, you see someone
you'd like to add to your stamp collection.

Incidentally, phishing is not the only thing you can do with this. Connecting via LinkedIn can also be
used more broadly for social engineering – hacking the human – with the
aim of getting someone to give up information or do certain things. At first there
may just be some (professional) chitchat, which then gradually moves on to
topics that your employer might prefer you not to talk about.

Back to the questions at the beginning. Do you blindly accept connection requests? And if so, what do
you think about it after reading this blog? I handle them this way: I always
accept requests from colleagues (after checking whether they are really
colleagues), and I only accept other people if I have met them in real life
before. That's what it says in my profile. Not everyone reads that – I decline some
connection requests every week. Very rarely will there be a criminal among them,
but at least I keep them out this way, too. Does that mean I have fewer
connections? Yes, but so what? And if you would like to read the Security
(b)log on LinkedIn, you can simply follow me.

And so, dear intranet editor-in-chief, Pippi Longstocking made it into a work-related blog (-;
And in the big bad world…
This section contains a selection of news articles I came across in the past week.
Because the original version of this blog post is aimed at readers in the
Netherlands, it contains some links to articles in Dutch. Where no language is
indicated, the article is in English.
- North Korean state hackers have been targeting academics and media in the US and South Korea.
- We've all been victims of a data breach at least once. [DUTCH]
- scammers advertise on US government websites.
- extortionists make nude photos of you with artificial intelligence.
- the British warn us about the risks of neurotechnology.
- the Dutch privacy regulator asks for clarification about ChatGPT. [DUTCH]
- it will take some time before the Dutch government meets all security standards. [DUTCH]
- Shell leaks data (who again said: data is the new oil?)