FBI Cyber Division Warns About Social Networking

In response to questions I heard this weekend from friends of mine about the ‘big picture’ relevance of the 1.5 million Facebook accounts compromised, I referred back to last month’s FBI speech from Dep. Asst. Dir. Chabinsky:

“Don't be surprised if a criminal compromises your or one of your colleague's personal social networking accounts to retrieve the e-mail addresses of some of your friends, and then uses that information to spoof an e-mail to you or your colleague at work. Other criminals use publicly available information from a company’s website to target employees up to the CEO, whose titles, e-mail addresses, and major areas of interest are typically available on the website.”

Of course, this information is used directly to identify high-value targets in a spear phishing campaign:

“…These criminals, especially those who can properly write and speak English, can cheat people out of a lot of money by creating and deploying social engineering schemes for themselves or for other criminals who need a convincing malware infection vector. With specialization, fraudsters no longer have to mass-deploy their schemes, but can instead focus on spear phishing specific high-level targets with administrator level or payroll system access. They will often use research or multiple step compromises to ensure that the receiver will believe the e-mail is legitimate.”

Maybe the FBI really knows what’s up. The guys and girls down here in San Diego’s office I’ve met seem to have a serious clue on what it takes to kick cybercriminals in the teeth. They can’t do it without our help though, even if it’s just through a grassroots effort.

Securing Our eCity Contributing Writer

Author ESET Research, ESET

Copyright © 2014 ESET, All Rights Reserved.