Wednesday, May 15, 2013

Linked-In Social Hacking for Fun or Profit?

Two days ago an Impostor invited me on Linked-In. I didn't recognize the name or face, so I looked at her profile. She had about 30 contacts - none in common with me. She didn't attend the same schools. In fact, I had absolutely nothing in common with her. This morning she has 143 contacts and growing. At least 9 of my contacts have accepted her invitation. WTF?

I receive requests for new contacts about once a week. Linked-In is my primary work database and where I regularly seek connections, contacts and work. Aside from the mobile interface, I love it.

Lately, about 1 in 5 contact requests are from Impostors or Posers. Impostors are clearly not who they say they are. While Posers appear to be legitimate humans attempting to exploit a vague connection to me. I have no idea why they do this.

I assume the former are malicious hackers intent on lowering the bar for me to give up personal details, steal identity, passwords, credit cards and accounts.  The later seem to be self-agrandizing attempts to develop a persona in search of some future reward. Perhaps they are bored, counting contacts or looking for a job.

My anecdotal evidence is these Impostor and Poser accounts live on and show some success. Individuals accept invitations and their contact numbers grow. Apparently, three clicks to validate your contact is too high a barrier for most.

This morning, I googled the Impostor's  image. The photo is an actress from "Dead like Me." I didn't even watch the show. I flagged the account. You can thank me latter.

I'm losing trust in my fellow cybercitizens because of their careless behavior. The only protection you have is the lock on your own doors. I have 100s of them online and people are making it easier for them to get closer to me. This could keep me awake at night.

Undoubtedly, Linked-In, Facebook, Google, etc. have large data mining capabilities to flag these accounts, but I don't see it. When will the analytics be available to me to look for patterns of fraud and misrepresentation? Is this the Premium Feature I am going to pay for next?


Why does someone pretend to be someone they are not on Linked-In? 


Case Study

"Levins Michelle, Recruiter at Colliers-International" -- perhaps not even a she, but a script experiment from a hacker.

The photo is of Britt McKillup (thank you google image). Colliers may have recruiters recently out of college. There must be people with the first name "Levin" or last name "Michelle", but I don't know any of them. In fact, I can't think of a single one of my 100s of contacts who is associated with Colliers or 20-year olds from San Jose State.

If I can figure this out in less than 5 minutes, why can't Linked-In?

Yes, I flagged the account... You should also... 

No comments: