Risk Management

12:39 PM
Ivy Schmerken
Ivy Schmerken
Commentary
Connect Directly
Facebook
Google+
Twitter
RSS
E-Mail
50%
50%

The Perils of Social Media: Hackers Target Linkedin Profiles

Finance and IT professionals prefer Linkedin as their social network of choice, but detailed profiles can invite hackers.

Investment banks and other Wall Street firms have embraced Linkedin as a professional social media site network with their peers, recruit talent and even set themselves up for their next job.

But think again. According to cybersecurity experts, finance and IT professionals who share every detail of their professional lives in their LinkedIn profiles are opening the door for computer hackers to target individuals in their companies.

“On Linkedin, I could in five seconds find out 10 email addresses. And I could have a good idea what their user name is and if their passwords are simple, I can take guesses,” commented Steve Schoener, VP of Technology at Eze Castle Integration, a provider of IT services, technology and consulting firm to hedge funds and investment firms.

The concern is that hackers are using social media to target individuals directly to figure out their passwords through trial and error, and attempt to gain access to applications or corporate systems. “We see social engineering [through] Twitter, Facebook and Linkedin. They’re looking at telephone and email contact. They’re looking at corporate structure information, who reports to whom, who’s in charge of special projects and acronyms they use and building that knowledge of how we talk at work,” said Dave Ostertag, global investigations manager at Verizon Business. “Now with the board an senior level managers and the staff ,enjoying Facebook, Twitter, it’s a lot easier for the bad guys to data mine information that makes it enticing for a user to be targeted and click on an email,” said Karl Smith, Head of Cyber Security Assurance Services at BT.

Companies need to train their employees to recognize social engineering and to report that to security staff, said Ostertag. They also need to report what projects or business units they are being asked bout or what specific data. As a precaution, some companies are starting to use honey pots — fictitious identities. “There might be particular titles or business units that someone is looking for information on,” he said. “You create that identity as the contact person, suggested Ostertag.

[SEC Loosens Social Media Stance: Beware of CEO Tweets at 2 AM ]

Another idea is to simply put less information into the Linkedin profile. People have a tendency to describe their role in tremendous detail and discuss all of their past jobs, said experts. But experts suggest, there is security in obscurity.

Ivy is Editor-at-Large for Advanced Trading and Wall Street & Technology. Ivy is responsible for writing in-depth feature articles, daily blogs and news articles with a focus on automated trading in the capital markets. As an industry expert, Ivy has reported on a myriad ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
IvySchmerken
50%
50%
IvySchmerken,
User Rank: Author
6/25/2013 | 1:58:30 PM
re: The Perils of Social Media: Hackers Target Linkedin Profiles
Martin, I agree with you that sharing profiles on Linkedin is fairly innocuous and socially positive. That was until I spoke to several security experts Gă÷at least 3 brought up Linkedin profiles as ways to glean information about corporate execs and corp. structure. It just makes it easier to gather this information. In the past, this would have been much harder to do. Cybersecurity experts advise individuals to be more general in their descriptions. I'm just reporting what I heard.
Martin Stein
50%
50%
Martin Stein,
User Rank: Apprentice
6/24/2013 | 7:00:08 PM
re: The Perils of Social Media: Hackers Target Linkedin Profiles
Looking at Linkedin profiles does only show email addresses and phone numbers if you are directly connected to each other. And even then it is easy to hide those from connected contacts. Usually people do not share "every detail of their professional lives in their LinkedIn profiles" --- that would be unproductive to say the least.

You'd have to explain a bit better how talking about past experiences reveals passwords. Your own linkedin profile e.g. shows "Report and research articles related to capital markets and usage of information technology. Started as associated editor, promoted to senior editor, executive editor and served as editor in chief and editorial director."

This doesn't tell me anything remotely secret about you, especially not emails and phone number - I could probably look that up in the magazine or the web site.
mnewman100
50%
50%
mnewman100,
User Rank: Apprentice
6/24/2013 | 6:38:22 PM
re: The Perils of Social Media: Hackers Target Linkedin Profiles
Excellent write-up Ivy!
More Commentary
Wall Street CIOs Have a Vendor Management Problem
If Wall Street CIOs want to stay ahead of competition and ensure high-speed trading software doesn't start the next flash crash, they need better insight into vendor delivered software.
Technology Innovation Returns to Financial Services
Capital Markets Outlook 2015: Following a few years dominated by regulatory compliance and cost saving technology initiatives, financial organizations are finally investing in innovative technology and tools.
Voice Biometrics Improve Transaction Monitoring Fraud Detection
Why voice biometrics should be a part of your fraud prevention strategy in the call center.
Fintech Fast Forward 2015
What will shape the future of Fintech in 2015 and beyond?
Look Deeper at Business Connections
When a business person or practice crosses the line, what should a professional do?
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - Elite 8, October 2014
The in-depth profiles of this year's Elite 8 honorees focus on leadership, talent recruitment, big data, analytics, mobile, and more.
Video
Inside Abel Noser's Trading Floor
Inside Abel Noser's Trading Floor
Advanced Trading takes you on an exclusive tour of Abel Noser's New York trading floor, where the agency broker known for transaction cost analysis, is customizing algorithms for the buy side, while growing its fixed income trading and transitions business.