False flag: social engineering the social network of IO professionals

Some colleagues are reporting a phishing expedition to identify and engage Information Operations experts on LinkedIn. They’ve reported invitations from “George W.” who purports to be “Colonel Williams”, an “IO professional” in the DC area.

Invitations, with a number of wording variations, has been received by a number of active duty IO personnel recently.  Investigation by several others has shown that the profile is for a nonexistent person.

In short, be careful who you let into your social network. While you may not be passing along explicit data, bringing an unknown into your network allows the phisher – who may be a hacker, a curious teenager, looking for the next Wikileaks source or a foreign government – to explore and learn from your network. By bringing the person in, you impart a degree of trust the phisher will certainly leverage to gain additional access.

Below is a screenshot from the morning of 6 January 2010 of the LinkedIn profile for “George W.” The profile picture is stolen from another profile.

clip_image001

3 thoughts on “False flag: social engineering the social network of IO professionals

  1. Good catch on this. Might be a good idea to include instructions on how to remove a contact from ones profile, just in case it becomes necessary to do so. Is there a way to deny access to a false profile?

Comments are closed.