Social networks breeds social engineering exploitation
A colleague received a LinkedIn message from someone asking to be invited into my colleague's LinkedIn network. The message looks something like this:
Of course, his name isn't "Mr. Spammy" and his photo looks like a real person.
Before creating this blog post, I Googled some of the phrases in this email. After all, I don't want to yell "fire in a crowded" network. No hits resulted from my search. However, if you have received such a LinkedIn message, please let me know by commenting on this post.
Nonetheless, the tone of the "can you invite me into your network" LinkedIn message and "I won't spam" is pure spammer language. In fact, the requester may be a spam bot spidering around to find LinkedIn users with hundreds or thousands of LinkedIn connections.
Any IP-based communication can be targeted by the "bad guys." The good old email Nigerian Scam has gone 2.0: Nigerian Scam 2.0 Targets LinkedIn and Other Social Networking Sites IP-based communication is a great vector for malware. In the LinkedIn email above, see "Here is a quick link to start the invitation process: http://tinyurl.com/9wxyzk." The viability of social networking is based upon cycles of trust relationships -- a fertile ground for the "bad guys" to exploit.
As ABC News states in Social Networking Applications Can Pose Security Risks
social networkers have little understanding where their information goes and how it's used — and as a result, have a false sense of security.
As for me, I love LinkedIn, and I don't accept invites from folk that I don't know. I also click the link under the sender's name just to make sure that the person sending the request has a valid LinkedIn profile -- that is, he is who he says he is.
... which "begs the question,"when trust is compromised, can social networks -- in their current form -- remain viable?