Thursday, September 27, 2012

Employee personal social media accounts could attract dangerous phishers to workplaces

The Washington Post has a front page story on the indirect danger to workplace networks from social engineering of phishing attacks aimed at employees.  The story by Robert O’Harrow Jr. is titled “Zero Day: Cyberattacks hit targets with human touch”, online “investigations” link here

Cybercriminals troll the personal social media accounts of low-level workers in sensitive jobs, and figure out how to send them emails, often with sender-ids spoofed with names of other coworkers, that will lead to infection of their employers’ networks with spyware, that could lead to industrial espionage or to compromise of customer accounts.
It’s disturbing that personal social media accounts can lead to these risks for employers, and they could lead to more “conflict of interest” and blogging policies.  

No comments: