Social engineering of employees using social media
How the fraud works:
The term “social engineering” describes an approach in which fraudsters manipulate users of social media through targeted psychological tricks. The aim is to coax confidential information out of an employee.
Employees use social networks not only privately but also professionally, maintaining profiles for trusted business partners, colleagues, consultants and headhunters. Fraudsters send contact requests. Once the request is confirmed and the profiles are linked, the victim's own data and that of the people networked with them is revealed. In this way, supposed headhunters can very easily spy out names, the professional positions of third parties and their business relationships. Mobile phone numbers and email accounts (private and business) can be misused in order to make contact. As a result, you can be contacted by someone using an identity that you might know from your professional network. You do not suspect that criminals may be hiding behind the many profiles.
How can you protect yourself in this case?
- If you receive a contact request, carefully check whether you know the person or the person who recommended them.
- Set up your social media account so professional contacts are not visible to everyone.
- Before accepting a contact request, check the profile behind it for meaningful content and for discrepancies.
- If you are contacted by headhunters, check whether the company behind them actually exists.
What to do if you are affected:
Open the social media profile (e.g. on Xing or LinkedIn) that looks suspicious to you. Then click on “More” at the top right and then on “Report profile”.