7 Tips to Verify Your Social Media Connections
In the fast-paced world of social media networking, it can be easy to click “accept” on most friend and connection requests. However, taking a bit of extra time to verify that the proposed connection is who they say they are pays off when protecting your fledgling personal brand, says Peter Warmka, founder of the Counterintelligence Institute and speaker in the 2022 CSO Center Leadership Series.
In his session, “It’s Your Personal Brand: What Could Possibly Go Wrong?” sponsored by Resolver, Warmka warns that malicious actors are more than willing to take advantage of CSOs’ desire to network and boost their professional reputations. They will use social engineering to gain additional insights and information about their target, craft a campaign, and launch a spearphishing initiative aimed at exploiting a security professional’s vulnerabilities, traits, and motivations. In addition, Warmka says that social media messaging platforms are even more effective than email in landing a spearphishing campaign.
Social media platforms have added benefits that lend malicious actors some credibility at a glance—they allow people to build fake profiles that share things in common with the target, and the photos and credentials in the profile can trick users into believing the direct message they received is genuinely from a fellow security leader.
The goal of connecting could be to access the CSO’s network or collect dirt on him or her for cyberextortion, Warmka says. The malicious actor could be trying to gain access to credentials or implant malicious code in the user’s device. In some cases, bad actors could be trying to get a better picture of the user’s location or schedule so they could launch a physical attack.
To reduce malicious actors’ access to your information, Warmka recommends switching around the classic intelligence phrase “Trust, but verify” to a more apt “Verify, then trust.”
Warmka offered a few tips for assessing users’ profiles to verify their authenticity:
- Never click “accept” without verification, even for people you think you recognize or who have connections in common with you.
- Review profiles like you are hiring that person. Does something not seem quite right? Dig a little deeper.
- Conduct a reverse image search. Drop the person’s profile picture into a search function that will trawl the Internet to find whether this same photo was used elsewhere. It could have been used on the person’s authentic company site or with publications he or she wrote. Or you might find that the image is a stock photo that a malicious actor used to appear more legitimate.
- Verify that the language used in any messages seems natural. If the person is purporting to be American or a native English speaker, does his or her language use support that, or does it seem stilted, like it was run through an online translator?
- Most people with LinkedIn profiles will have other entries online to help verify their details, such as a company profile, where he or she lives, publications he or she has produced, etc. These backup traces help to add to the contact’s credibility. If you only find that single LinkedIn profile for a person’s name, that should be a red flag, Warmka says.
- Does the profile look too good to be true? Does that security professional have so many training courses and certifications listed, plus the perfect set of previous roles that align with yours? If you are a member of any of the same associations or share any certifications with this person, check those databases to verify that he or she really has the bona fides he or she claims to have.
- Don’t feel bad about rejecting connection requests. Even when you are on a mission to build up your professional profile and reputation, it’s worth having fewer followers if you can keep malicious actors out of your professional network.