Risk Management

12:39 PM
Ivy Schmerken
Ivy Schmerken
Connect Directly

The Perils of Social Media: Hackers Target Linkedin Profiles

Finance and IT professionals prefer Linkedin as their social network of choice, but detailed profiles can invite hackers.

Investment banks and other Wall Street firms have embraced Linkedin as a professional social media site network with their peers, recruit talent and even set themselves up for their next job.

But think again. According to cybersecurity experts, finance and IT professionals who share every detail of their professional lives in their LinkedIn profiles are opening the door for computer hackers to target individuals in their companies.

“On Linkedin, I could in five seconds find out 10 email addresses. And I could have a good idea what their user name is and if their passwords are simple, I can take guesses,” commented Steve Schoener, VP of Technology at Eze Castle Integration, a provider of IT services, technology and consulting firm to hedge funds and investment firms.

The concern is that hackers are using social media to target individuals directly to figure out their passwords through trial and error, and attempt to gain access to applications or corporate systems. “We see social engineering [through] Twitter, Facebook and Linkedin. They’re looking at telephone and email contact. They’re looking at corporate structure information, who reports to whom, who’s in charge of special projects and acronyms they use and building that knowledge of how we talk at work,” said Dave Ostertag, global investigations manager at Verizon Business. “Now with the board an senior level managers and the staff ,enjoying Facebook, Twitter, it’s a lot easier for the bad guys to data mine information that makes it enticing for a user to be targeted and click on an email,” said Karl Smith, Head of Cyber Security Assurance Services at BT.

Companies need to train their employees to recognize social engineering and to report that to security staff, said Ostertag. They also need to report what projects or business units they are being asked bout or what specific data. As a precaution, some companies are starting to use honey pots — fictitious identities. “There might be particular titles or business units that someone is looking for information on,” he said. “You create that identity as the contact person, suggested Ostertag.

[SEC Loosens Social Media Stance: Beware of CEO Tweets at 2 AM ]

Another idea is to simply put less information into the Linkedin profile. People have a tendency to describe their role in tremendous detail and discuss all of their past jobs, said experts. But experts suggest, there is security in obscurity.

Ivy is Editor-at-Large for Advanced Trading and Wall Street & Technology. Ivy is responsible for writing in-depth feature articles, daily blogs and news articles with a focus on automated trading in the capital markets. As an industry expert, Ivy has reported on a myriad ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Author
6/25/2013 | 1:58:30 PM
re: The Perils of Social Media: Hackers Target Linkedin Profiles
Martin, I agree with you that sharing profiles on Linkedin is fairly innocuous and socially positive. That was until I spoke to several security experts Gă÷at least 3 brought up Linkedin profiles as ways to glean information about corporate execs and corp. structure. It just makes it easier to gather this information. In the past, this would have been much harder to do. Cybersecurity experts advise individuals to be more general in their descriptions. I'm just reporting what I heard.
Martin Stein
Martin Stein,
User Rank: Apprentice
6/24/2013 | 7:00:08 PM
re: The Perils of Social Media: Hackers Target Linkedin Profiles
Looking at Linkedin profiles does only show email addresses and phone numbers if you are directly connected to each other. And even then it is easy to hide those from connected contacts. Usually people do not share "every detail of their professional lives in their LinkedIn profiles" --- that would be unproductive to say the least.

You'd have to explain a bit better how talking about past experiences reveals passwords. Your own linkedin profile e.g. shows "Report and research articles related to capital markets and usage of information technology. Started as associated editor, promoted to senior editor, executive editor and served as editor in chief and editorial director."

This doesn't tell me anything remotely secret about you, especially not emails and phone number - I could probably look that up in the magazine or the web site.
User Rank: Apprentice
6/24/2013 | 6:38:22 PM
re: The Perils of Social Media: Hackers Target Linkedin Profiles
Excellent write-up Ivy!
More Commentary
A Wild Ride Comes to an End
Covering the financial services technology space for the past 15 years has been a thrilling ride with many ups as downs.
The End of an Era: Farewell to an Icon
After more than two decades of writing for Wall Street & Technology, I am leaving the media brand. It's time to reflect on our mutual history and the road ahead.
Beyond Bitcoin: Why Counterparty Has Won Support From Overstock's Chairman
The combined excitement over the currency and the Blockchain has kept the market capitalization above $4 billion for more than a year. This has attracted both imitators and innovators.
Asset Managers Set Sights on Defragmenting Back-Office Data
Defragmenting back-office data and technology will be a top focus for asset managers in 2015.
4 Mobile Security Predictions for 2015
As we look ahead, mobility is the perfect breeding ground for attacks in 2015.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - Elite 8, October 2014
The in-depth profiles of this year's Elite 8 honorees focus on leadership, talent recruitment, big data, analytics, mobile, and more.
Inside Abel Noser's Trading Floor
Inside Abel Noser's Trading Floor
Advanced Trading takes you on an exclusive tour of Abel Noser's New York trading floor, where the agency broker known for transaction cost analysis, is customizing algorithms for the buy side, while growing its fixed income trading and transitions business.