Government Agency Compromised by Facebook Scam
Hackers were able to compromise a government agency by using a Facebook ‘hottie’ scam.–PC Pitstop
By Stu Sjouwerman, for KnowBe4.com Security Awareness Training
The oldest trick in the world still works: the honeytrap. It’s very well known in the spy business and has been used for centuries to social-engineer people. Today, it’s even easier to trap people this way because you no longer need a live, good-looking woman. It’s all done virtually. Here is a good example you can send to all employees, a real story about a government agency compromised by a fake Facebook hottie. Remind them that they need to THINK BEFORE THEY CLICK. This is the link to the ZDNet article:
Using social media profiles and a photo of a real (and consenting) woman, two hackers fooled a government employer into believing she was an employee, conning them out of a company laptop, network credentials, and more.
They used “her” Facebook and LinkedIn connections to send out holiday cards linked to an attack site, which the government employees visited, and scammed one employee into sending her a work laptop – as well as network access credentials and more, such as SalesForce logins.
The researchers used the imaginary pretty girl’s poisoned holiday e-cards to gain administrative rights, obtain passwords, install applications and steal documents with sensitive information – some of which, according to the hackers, included information about state-sponsored attacks and country leaders.–ZDNet 11/1/2013
This excerpt appears with permission from knowbe4.com.