Google+ What no one tells you about LinkedIn By Komando Staff ~ High Tech House Calls
Expert Computer Consulting for Homes and Small Businesses

Let there be hope...

Life has changed there is no doubt and we wanted to reach out to see how you are doing.

As we go through this interesting time, we are trying to look at this as an opportunity to focus on our family and on friends like you. Let us use this extra time to catch up and talk more. Let us cook food that is not fast, but interesting and satisfying. Let us learn to enjoy a time to try new things. Let us find ways to enjoy time at home!

Computer Security

If my client base is any experience, anyone can be a victim of a Ransomware, Malware or Virus attack.

What can you do about it?

I conduct audits of your entire computer infrastructure and apply best practice solutions to plug the security holes on your computers, Smartphones and networks.

Now offering consultations to give you the best protection possible:


404.229.0839
carlthorne@hthcatlanta.com

Jack of All Trades, Master of Many

Jack of All Trades, and Master of Many

We provide technical support for:


Homes and small businesses

Windows and the Mac OS platform

iPhones and Android Smartphones

Wireless and wired networks

New device setup

Old device upgrade or repair

One-on-one training

Remote assistance


How To Stop Malware

Tuesday, July 7, 2015

What no one tells you about LinkedIn By Komando Staff


With 260 million professional users, LinkedIn is the world's largest business-oriented social network. That also makes it a tempting target for hackers out to steal money, passwords or confidential business information. However, the hackers don't attack like you'd expect.

If you've ever seen the blockbuster movie "Ocean's Eleven," then you'd know that planning a heist takes many steps. The band of lovable celebrity thieves in the film always have to do one thing, though, and that's find an inside man. If you aren't careful, that could be you.

With sites like LinkedIn, hackers don't have bribe or threaten a company employee, they just need to find one they can trick. If the employee has high-level access, hackers can make off with anything they want.

Fortunately, you can stay safe if you know how hackers attack. I'm going to teach you some need-to-know ways to lock down your LinkedIn profile, and keep your company safe.

How hackers attack

Keep in mind that most corporate hacker attacks rely on basic social engineering, which means tricking information out of people instead of stealing it out of machines. And let me tell you, hackers have been getting smarter about their social engineering tactics.

You might have missed the story behind FIN4, the super-coordinated hacker team that invaded hundreds of companies. They weren't after customer records, however, but inside information that let them trade right in the stock market.

To invade the companies, FIN4 targeted those company's employees on LinkedIn to get one crucial piece of information: their company email address.

Search for your company on LinkedIn. Do any of your employees have their corporate email address publicly viewable on the site? That's all a hacker needs to figure out how to email anyone in your company.

Pattern recognition

Most companies follow similar naming patterns for the in-house email systems. Whether your email address is asmith@shopwell.com or adamsmith@shopwell.com, any hacker worth his salt can get the picture.

Say a hacker finds an employee's email address through LinkedIn and figures out that your corporate email addresses are formatted the same way. Their next stop will be your company's website, social site or other employee LinkedIn profiles to find as many employee names as possible, the more senior the better.

With a big list of names, hackers can start researching. The amount of research that hackers are willing to do before they start their attack is shocking.

They'll look up social accounts, forum posts and any publicly available information. Their goal is to make an email that will trick you into giving up crucial information. It might claim to be from another employee at the company, a company client or even the company boss.

If you've ever received those obvious phishing emails with subject lines like YOUR PAYMT CARD HAS BEEN CONPROMISED from PAYPALSECURITY@PayBuddy.net, know that this kind of phishing is nothing like that.

Act casual

A report published by cybersecurity firm FireEye revealed some of the emails the FIN4 group sent to executives. Here's one of the scariest ones.

From: [name]@[compromised company’s domain]
I noticed that a user named FinanceBull82 (claiming to be an employee) in an investment discussion forum posted some negative comments about the company in general (executive compensation mainly) and you in specific (overpaid and incompetent). He gave detailed instances of his disagreements, and in doing so, may have unwittingly divulged confidential company information regarding pending transactions. I am a longtime client and I do not think that this will bode well for future business. The post generated quite a few replies, most of them agreeing with the negative statements. While I understand that the employee has the right to his opinion, perhaps he should have vented his frustrations through the appropriate channels before making his post. The link to the post is located here (it is the second one in the thread):
http://forum./redirect. php?url=http://%2fforum%2fequities%2f375823902%2farticle.php\par

Could you please talk to him?
Thank you for the assistance,
[name]
Beside the wacky FinanceBull82 username, everything else in that email is believable. The message is designed to put its recipient on the defensive and click the link without thinking.

The site linked in the above email was a fake forum built to further drive home the criminal's story. The malware was hidden in a document linked on the forum.

At that point, the hacker can slip a virus on to the employee's computer and start stealing information. If they get the employee's username and password they can attack other parts of the company network.

It isn't just email. Hackers might find an internal phone number for an employee and call up pretending to be with I.T. They'll claim there's a problem with your computer and need remote access or your username and password.

They might use a manager's name to email you a virus-laden spreadsheet showing "a major financial error that could cost you your job." You're probably not going to think twice about opening it.
There are lots of variations hackers have perfected. In a successful attack, hackers can get everything the company has to offer. So how can you stay safe?

Securing your vault

Keeping your company safe starts with recognizing who can see you or your employees online, and what they can see. Ask employees to use their personal emails on LinkedIn, and make sure that LinkedIn pages that criminals might find won't reveal too much about how your company works.
If your contact information has to be readily available because of your business, then you're always going to be vulnerable to these attacks on some level.

On the plus side, LinkedIn does hide your contact information from the public. So hackers will try to become a contact on LinkedIn by pretending to be in your business field, or even pretending to be someone they're not.

Recently, I've received LinkedIn invitations to network with some really big name national talk show hosts. Now, I know these people by name, but we've never done business together - the whole purpose of LinkedIn.

It smelled scammy and after research I found that they didn't really send little ol' me a LinkedIn request. Hackers had set up accounts with their name to try and trick me. So, you can't just accept everyone who wants to connect with you without research.

If you haven't seen these three scams that can fool anybody, then check them out and share them with your employees. Letting your employees know the danger is a good way to keep them from giving away information they shouldn't.

Updating your anti-virus software can only do so much when a hacker manages to trick a manager into installing spyware.


Keep your employees up to date on phishing scams and the fact that hackers aren't just casting wide nets anymore. They've found spear phishing, an aggressive tactic for targeting businesses, to be much more profitable.