Skip to content
Imran ViraniNov 28, 20222 min read

Security Impurities: News of the Week (October 26th - November 1st)

Let that Linkedin…: Linkedin’s new security features to combat social engineering

We at Mirai have discussed the dangers of phishing and social engineering, particularly when it comes to harmful messages sent via email, text, or phone calls. However, not all social engineering happens on these platforms. For years, Linkedin has been a hotbed for scammers. They phish other users with deepfaked photos, malicious connection requests, and job scams. That is why Linkedin has announced new security features to combat these scams.

What are these new security features?

There are three main features Linkedin has introduced to protect its user base. The first is an "about this profile" tab on every account that shows when a Linkedin profile was created and last updated. This makes other users aware of whether an account has been around for years or is brand new (a huge warning sign for scam accounts).

The second is the introduction of technology that allows Linkedin to spot AI-generated profile photos used often by scammers. Finally, they have introduced new protections against harmful messages. The website will now feature warnings for potentially phishy messages.

Linkedin has also asked its users to report any suspicious accounts or messages. With these features, Linkedin is showing that phishing can occur on any platform, and social media websites have a responsibility to fight it.

New York Toast: The NY Post Twitter hack and its cyber security implications

The NY Post suffered an embarrassing incident this past week when their social channels were hacked. The work of a rogue employee, this hack resulted in offensive, phony headlines about US politicians. While the employee has been fired, this hack shows the danger of leaving a company's social media unsecured.

While we have previously explored the importance of removing credentials for former employees, the possibility of an attack like this being committed by someone still employed by your organization is very real. For companies like the Post, image is everything, and protecting their social channels is very important.

SMBody once told me: Cybersecurity threats for small and medium-sized businesses

Running a small or medium-sized business (SMB) is not easy. Without the resources to invest in robust security services, companies are forced to take chances. Often, this leads to SMBs taking advice from unqualified sales people. These con artists are more interested in making a sale than properly protecting a business. This can result in SMBs that lack the protection or cybersecurity knowledge to ward off hackers.

This week, Vancouver cybersecurity firm CyberCatch released a report saying that 80% of SMBs are at risk of a cyber attack.

What attacks pose the most risk to SMBs?

According to CyberCatch, the attacks SMBs are most likely to fall victim to are spoofing, clickjacking, and session riding. What's troubling is that although all three episodes can fool businesses small and large, SMBs do not often have the resources to educate their employees and prevent these attacks.

Cybersecurity should not be a luxury that SMBs cannot afford. There are plans SMBs can install that are affordable and effective. However, doing so requires research and a willingness not to trust every salesperson with a catch-all solution.