Hacker TomLiner put up a post last week on the dark web offering 700 Million LinkedIn records. Listed as a “GOD User”, no doubt TomLiner is active and well-known in that online community.
The data includes a number of details about each user, including:
- Email addresses
- Full names
- Phone numbers
- Physical addresses
- Geolocation records
- LinkedIn username and profile URL
- Personal and professional experience/background
- Other social media account usernames
What makes this so dangerous is that this aids the spear phishing diligence the cybercriminals already do as part of Business Email Compromise attacks. In many ways, these details make the job easier. The more legitimate a BEC phishing email can be made to look legitimate using actual details, the more likely the scam will be successful.
Even so, just knowing that cyber criminals can arm themselves with some impactful details familiar to the potential victim, you should be looking for ways to empower users to know when they’re being targeted. Security Awareness Training is one of the most effective ways, as it opens the user’s eyes to how the bad guys try to trick them, teaching them to be vigilant – even when emails appear legitimate.