Rich Mason:- LinkedIn Security Advise

Background

Rich Mason is a former CISO at Honeywell.

Early this week he cued in to the fact that someone was creating false LinkedIn profiles.

 

LinkedIn Profiles

Many of the false profiles had titles such as CISO ( Chief information security officer ).

 

LinkedIn Response

Krebs On Security

In a statement provided to KrebsOnSecurity, LinkedIn said its teams were actively working to take these fake accounts down.

“We do have strong human and automated systems in place, and we’re continually improving, as fake account activity becomes more sophisticated,” the statement reads. “In our transparency report we share how our teams plus automated systems are stopping the vast majority of fraudulent activity we detect in our community – around 96% of fake accounts and around 99.1% of spam and scam.”

 

Rich Mason

Advises To LinkedIn

  1. Created On Date
    • LinkedIn could take one simple step that would make it far easier for people to make informed decisions about whether to trust a given profile: Add a “created on” date for every profile.
    • Twitter does this, and it’s enormously helpful for filtering out a great deal of noise and unwanted communications.
  2. Verification Process
    • The former CISO Mason said LinkedIn also could “experiment with offering something akin to Twitter’s verified mark to users who chose to validate that they can respond to email at the domain associated with their stated current employer“.
    • “If I saw that a LinkedIn profile had been domain-validated, then my confidence in that profile would go way up,” Mason said, noting that many of the fake profiles had hundreds of followers, including dozens of real CISOs.
    • Maryann’s profile grew by a hundred connections in just the past few days, he said.
    • If we have CISOs that are falling for this, what hopes do the masses have?” Mason said.
  3. Companies Reporting Fake Profiles
    • Mason said LinkedIn also needs a more streamlined process for allowing employers to remove phony employee accounts.
    • He recently tried to get a phony profile removed from LinkedIn for someone who falsely claimed to have worked for his company.
    • I shot a note to LinkedIn and said please remove this, and they said, well, we have to contact that person and arbitrate this,” he said. “They gave the guy two weeks and he didn’t respond, so they took it down
    • He continued “That doesn’t scale, and there needs to be a mechanism where an employer can contact LinkedIn and have these fake profiles taken down in less than two weeks.”

 

Read Here

Please read the KrebsOnSecurity article.

It is available here:-

KerbsOnSecurity
Fake CISO Profiles on LinkedIn Target Fortune 500s
Link

 

Listening

Rich Mason is a real one.

For the rest of us, apologetically needing more me time.

Drake
Do Not Disturb
Link

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s