Compromising the Supplier Chain

LinkedIn Phishing

We have seen a few customer reports recently around receiving malicious attachments and messages from LinkedIn. We wrote about this type of attack appearing again more frequently, although its been around for quite some time.

However much a business tries and attempts to prevent attack and infection to their computers and business, from securing the perimeter by filtering email and web traffic, right down to the controls on the endpoint looking after Antivirus and educating the organisations users about the threats, they are ever evolving.

supplier chain

Attackers are using compromised LinkedIn accounts to send messages to the accounts connections. LinkedIn being a business tool, users are allowed in the main to browse it and see these messages.

These messages are normally a PDF file, with links embedded in them that will either

  • download a virus or, even worse,  ransomware to your computer
  • Prompt a user to enter in some form of credentials, normally Office365, in an attempt to gain a foothold into the customers environment

LinkedIn prompts recipients also of pending unread messages that they have, so these come sailing through to the recipients email legitimately from LinkedIn as trusted messages and adds weight to these messages being genuine and trusted.

Users in your business can protect themselves in as many ways they can as possible but situations like this are out of a business’s control. You can protect your LinkedIn and Office365 accounts with Multi-Factor authentication, but you cant be in control of your connections security.

Ways to Prevent

1

  • Ensure you use MFA (Multi Factor Authentication) wherever you can. LinkedIn supports it, Office365 Supports it, Google supports it. Consider where your sensitive data is stored and ensure you have it as protected as it can be
  • Educate your users on the threat of Phishing, through email and through other mediums such as LinkedIn. If a message is received, think for a moment whether its expected and its valid. Treat attachments and links as suspicious.
  • Watch out for the messages, treat them as insecure. Indicators could be a badly spelt, has a link which has been shortened and not easily recognisable, asking you to view a shared document.

 

Past Blogs

benefits of cybersecurity

Benefits of CyberSecurity

The benefits of cybersecurity. With vast amounts of information are stored online, the benefits of robust cybersecurity are more vital than ever. At Network &...
what is dmarc

What is DMARC

What is DMARC and Why Does Your Business Need It? When it comes to protecting your business from cyber threats, email security is often overlooked. Yet, email is one of...
Why is password management software important

Why is Password Management Software Important

Why is Password Management Software Important for Your Business? In today’s digital world, passwords are the keys to your business’s most sensitive information. From...
What is Email Filtering ?

What is Email Filtering and Why Every Business Needs It

Email is the lifeblood of business communication, but it’s also one of the most vulnerable entry points for cyberattacks. According to research, 96% of cyber threats...
What’s your business’s view on Return to Office?

What’s your business’s view on Return to Office?

Do you love keeping your employees happy by allowing them to work remotely? Or do you think everyone is more productive in the office? Businesses are divided on this...
Outdated backup systems could leave your business vulnerable

Outdated backup systems could leave your business vulnerable

When did you last review your business’s backup tools? Outdated backup systems can fail to protect you from modern threats, like ransomware attacks. If you want a...
Microsoft’s fixing this annoying Windows 11 fault

Microsoft’s fixing this annoying Windows 11 fault

Fed up seeing useless “Recommendations” in the Windows 11 Start menu? Good news – Microsoft’s making them more helpful. Here’s how the improvements could help your team...
Beware that corrupted email attachment: It could be a scam

Beware that corrupted email attachment: It could be a scam

Cyber criminals get more creative every day. The latest scam designed to steal your business data uses corrupted Word files – and getting fooled is easier than you...
Are your employees your security’s weakest link?

Are your employees your security’s weakest link?

Great employees have the same goals you do. But while they’re working hard to help your business succeed, they could accidentally be opening the door to cyber...
The two big threats of doing business on public Wi-Fi

The two big threats of doing business on public Wi-Fi

Public Wi-Fi can be a lifesaver when you must send an urgent email while out of the office. But did you know it can also put your business data at risk? These are the...