
Cyber Security: The social network where everyone’s been netted

By Stuart Slater

Social networks are one of the most common ways we communicate in the 21st century. We use them for entertainment, social interaction and even business. But with all the personal details we put on social media, how easy is it to use that information to manipulate somebody into doing something they shouldn’t? This is where phishing comes in…

Phishing

Well, it’s not to be confused with the activity of sitting in front of a lake for six hours in the pouring rain with nothing more than a rod and a net. Phishing is an attack performed by crafty criminals who attempt to trick a user into doing something they shouldn’t, such as visiting a dodgy website or downloading a malicious application.

There are several variations of phishing as well, and referring to them correctly will definitely impress your cyber security team:

  • Vishing
    An attack where an unsavoury character will call you up and ask for information about yourself, tricking you into providing personal, confidential information. A common example of this is when you might get a call from somebody purporting to be from a certain large technology organisation’s support department, when in reality it’s a chap in a call centre with the aim of extorting money from you.
  • Smishing
    Along the same lines as vishing, this also involves your phone; however, the method isn’t to call but to text a user instead. A very common example that’s been in the news recently was the Royal Mail scam, where a group of individuals were sending messages to say a package was ready for delivery but required payment before collection.

Why does all of this matter?

Well, we may be in for a tough ride over the next couple of months. As recently as March 2021, the National Cyber Security Centre reported that in the last 12 months 83% of businesses and 79% of charities have experienced a phishing attack.

Making matters worse, as of 27th June 2021, over 700 million LinkedIn records had been put on hacking forums and were being sold to anyone who wished to purchase them. What makes this different to other breaches is that this is up-to-date, current data that was obtained as recently as this year. Data breaches are often a mixture of old records that aren’t relevant any more.

The one solace that we can take is that LinkedIn has said that no confidential information such as passwords has been stolen; however, the following has:

  • Email addresses
  • Full names
  • Phone numbers
  • Physical addresses
  • Geolocation records
  • LinkedIn username and profile URL
  • Personal and professional experience/background
  • Genders
  • Other social media accounts and usernames

How was this data obtained?

It turns out the data was obtained using the publicly available LinkedIn API (a method where two different programs can talk to each other). This isn’t the first time this has happened either – a data leak using the same method occurred back in April 2021.

And for those wondering, I have confirmed that my own data has been leaked, and I am sure that given an estimated 92% of LinkedIn’s user base are affected, you may well be reading this and wondering whether you’re affected too.

So how do I find out if it’s been leaked?

The first thing to do is check the LinkedIn Data Breach Checker set up by CyberNews that can be found here.

The second step is to check HaveIBeenPwned, a website that allows you to check your email address or mobile number across years’ worth of data breaches and see what information was leaked. Visit the site here.

Once you’ve done both of those things, I would change your password on any affected accounts and the associated email addresses. If there is the ability to turn on multi-factor authentication (MFA/2FA) then do so.

What can I do to protect myself as an employee?

A common mantra used in cyber security is that humans are the first line of defence against attackers, but they’re also often the most vulnerable if not trained properly. Ask your employer for any cyber awareness training that is available to you, and if there is none, check websites like the National Cyber Security Centre to find top tips on how to secure yourself from attackers.
