There had been company picnic the previous weekend
Social Engineering via Social Networking
by M. E. Kabay, PhD, CISSP-ISSMP
Associate Professor of Information Assurance
School of Business & Management
Norwich University, Northfield VTFortunately for the financial institution, the thieves were not adept at hiding their activities.
More than one person in the company had received the fake link and complained to the corporate administrator that the link to the pictures was not working. The administrator got suspicious and found the breach after closely examining corporate system event logs.< http://www.physorg.com/news187688322.html > It had all started with an employee using Facebook on a company laptop.
Readers with an investigative streak will quickly establish that I do use LinkedIn, the professionals’ social-networking site. I feel confident about the safety of using LinkedIn because numerous members of the cybersecurity community use LinkedIn. LinkedIn is designed for the business and privacy-minded. A member of LinkedIn has greater command over what others see in their public profile. LinkedIn has granular controls, allowing the user to block specific details of his\her profile from public view. You can choose to show or not show your picture, your location or even your last name <
http://www.cio.com/article/485489/LinkedIn_Privacy_Settings_What_You_Need_to_Know? page=2&taxonomyId=3055 >.In contrast, Facebook recently reduced its users’ abilities to manage what others see in their personal data. Facts like your current city, educational level and employment will be public information unless they are deleted < http://www.eff.org/deeplinks/2010/04/facebook-further-reduces-control-over-personal-information>.
Copyright 2010 Jan S. Buitron & M. E. Kabay. All rights reserved.
Permission is hereby granted to Network World to distribute this article at will, to post it without limit on any Web site, and to republish it in any way they see fit.
