How to avoid cyberspies on Facebook, LinkedIn

The first line of defense against a social media-related attack recently perpetrated by a suspected Iranian hacker group is to teach employees how to spot cyberspies, experts say.

The use of social media to trap specific targets is common in government-sponsored espionage campaigns. In the latest attack, hackers posed as attractive women on Facebook and LinkedIn in order to lure associates of the targets, security consultancy iSight Partners reported Thursday.


By first gaining credibility with the associates, the hackers hoped to later use those relationships to build trust with the intended victims. The actual targets included U.S. military members, lawmakers, Washington, D.C., journalists and defense contractors and lobbyists for Israel.

The purpose of the scam was to eventually trick people into divulging their email credentials on spoofed login pages.

While companies could try to avoid such an attack by barring employees from using social media on corporate PCs, such a strategy would be difficult to enforce and ineffective, experts say. That's because employees can just as easily give up their credentials using their own computers.

The better solution is to teach employees about the tipoffs of a scam, such as inconsistencies in the information provided by the attackers, John Hultquist, manager of cyberespionage and threat intelligence at iSight, said.

"What eventually gave them (the suspected Iranian hackers) away were the mistakes they made," Hultquist said. "A lot of things were inconsistent with who they claimed to be."

For example, one of the attackers claimed to be a member of the U.S. Navy and the U.S. Army at the same time, while another who claimed to be a journalist had poor English skills, Hultquist said.

Employees should also be told never to take at face value the identity a person gives online. "Ask probing questions," said Kevin Coleman, strategic management consultant with SilverRhino, which advises government agencies on security.

If a person claims to be from a particular organization, then employees should look up the entity's main number and use that in verifying the contact, Coleman said. Also, they should ask for the person's employer email address and never accept namedropping as a form of credibility.

"Don't fall for the so-and-so is linked to them, so they must be OK," Coleman said.

Employees who suspect they've been duped should not fear being disciplined. This will help ensure prompt reporting of incidents to the IT security department.

Besides changing the victim's login credentials, the security team should gather as much information as possible in order to find clues for preventing future attacks.

"A lot of these attacks are very consistent or they have similarities," Conan Dooley, security analyst for consultancy Bishop Fox, said.

For example, if an attack is connected to a malicious site, then it's likely the location was used in other attacks. Therefore, the security team should look for other computers that visited the site, Dooley said.

Companies can then turn to their login monitoring tools to determine whether the credentials of people using those computers have been misused, Dooley said.
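The pivot Dooley describes, as an added example that is not part of the original article: find every user whose machine reached the spoofed login site, then flag their successful logins from outside the corporate network after that visit. The log layouts, the domain `login-portal.example.net` and the `10.` internal range are constructed assumptions for illustration.

```python
import csv, io
from datetime import datetime

# Constructed sample data (not from the article): web-proxy and login logs.
PROXY_LOG = """time,host,user,domain
2014-05-20T09:02:11,ws-014,asmith,news.example.org
2014-05-20T09:05:40,ws-014,asmith,login-portal.example.net
2014-05-20T10:17:03,ws-022,bjones,login-portal.example.net
2014-05-20T11:30:00,ws-031,cwu,intranet.example.com
"""
AUTH_LOG = """time,user,src_ip,result
2014-05-19T08:00:00,asmith,10.0.4.14,success
2014-05-20T09:30:12,asmith,203.0.113.50,success
2014-05-20T08:45:00,bjones,10.0.4.22,success
2014-05-20T10:10:00,bjones,198.51.100.7,success
2014-05-21T07:00:00,cwu,192.0.2.99,success
"""
SPOOFED_DOMAIN = "login-portal.example.net"  # placeholder indicator (assumption)
INTERNAL_PREFIX = "10."                       # assumed corporate address range

def rows(text):
    """Parse a CSV log and convert the time column to datetime."""
    for r in csv.DictReader(io.StringIO(text)):
        r["time"] = datetime.fromisoformat(r["time"])
        yield r

def exposed_users(proxy_text, domain):
    """Map each user to (first visit time, host) for the given domain."""
    first_seen = {}
    for r in rows(proxy_text):
        if r["domain"].lower().rstrip(".") == domain:
            seen = first_seen.setdefault(r["user"], (r["time"], r["host"]))
            first_seen[r["user"]] = min(seen, (r["time"], r["host"]))
    return first_seen

def suspicious_logins(auth_text, exposed):
    """Successful external logins by exposed users at or after their exposure."""
    hits = []
    for r in rows(auth_text):
        seen = exposed.get(r["user"])
        if (seen and r["result"] == "success" and r["time"] >= seen[0]
                and not r["src_ip"].startswith(INTERNAL_PREFIX)):
            hits.append((r["user"], seen[1], r["src_ip"], r["time"].isoformat()))
    return hits

if __name__ == "__main__":
    for hit in suspicious_logins(AUTH_LOG, exposed_users(PROXY_LOG, SPOOFED_DOMAIN)):
        print(hit)
```

An external login that predates the visit (bjones here) is not flagged by this check, so a reviewer would still examine it separately if external access is unusual for that user.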

The response companies take to a potential breach should be tailored to the individual organization, since the threats posed by an attack will vary, depending on the company, Dooley said.


"It's really about finding something (a response) that's appropriate for that particular company," Dooley said. "The larger struggle we have in security is understanding the problems in a nuanced way and an appropriate way for the company that we're working with."
