Throughout their careers, many security professionals have come across people who say: ‘I bet you couldn’t hack me!’
In February 2022, Jake Moore, global cybersecurity advisor at the European firm ESET, took this literally and tried to hack several employees of the same company, using exclusively publicly available information, off-the-shelf tools and social engineering techniques. He shared his experience at DTX Europe on October 13, 2022.
Moore’s aim was to use LinkedIn, a professional social media platform with 800+ million users, 40% of whom check it daily. “LinkedIn’s InMail message system gets four times more responses than a traditional email. I wondered if I could use it in a phishing way,” he said.
Get the CEO’s Password
He started by building a fake profile called ‘Jessica,’ at first without knowing what he would use it for. “LinkedIn says they do a lot to make sure the profiles on their platform are not fake, but their algorithm is pretty poor at that. It basically looks for accounts that have been created in succession – not really what you’ve done with them. If you create an account to look real by creating a history, posting, liking things and making connections, you’ll bypass all of LinkedIn’s checks,” he added.
This is what the cybersecurity advisor did – by downloading a fake picture from the website ThisPersonDoesNotExist, choosing a female-looking face to leverage some people’s tendency to use LinkedIn as a dating site, creating a fake background in the TV industry and using a fake position at the UK national channel ITV.