Linked-In – The Social Engineer’s Dream Tool

Hackers frequently infiltrate networks by attacking the people who use the network rather than the network itself.  How do the hacker’s attack the people? A common method is spearphishing, in which a highly personalized email is sent to a small number of people. Because the email appears to be real — it contains personalized information — the recipient responds to the email. This creates a relationship of trust between the victim and the hacker.

CNN Money reports on how security researcher Ryan O’Horo of IOActive used Linked-In to obtain personal information about a firm’s employees.  He used Linked-In to figure out the corporate reporting structure.  He then sent targeted emails to his intended victims and was able to obtain access to company information.

Of particular interest in this article is a video in which Eric Fiterman of Rogue Networks/Methodvue demonstrates how to construct a malicious email that effectively impersonates President Obama. Using malware delivered in an attachment, Fiterman takes control of the recipient’s computer.

click to access video

He steals passwords, searches for files and even takes a picture of his victim using the computer’s camera.  Watch the video at

People need to know if an email is really from the President. They need to know if an email is really from a co-worker.  SP Guard from Iconix let’s email recipients quickly and easily determine if the sender really is the President or a co-worker.

SP Guard Inbox

SP Guard provides the recipient with three confirmations that a message is real:

  1. List View. There is an integrity indicator in the list view of the email client.
  2. Message. The open message has a further indicator of authenticity.
  3. Mouseover. Mousing over the authentication indicator in the message prompts the display of a certificate that further identifies the sender.

SP Guard now offers a fraud filtering enhancement.  This additional protection is becoming increasingly important given the latest generation of highly targeted spear-phishing emails which are so well crafted that users cannot tell real from fake.

SP Guard is available now from Iconix.  For further information, contact us at 408-727-6342, ext 3 or use our online form.


Comments are closed.