Using FACEBOOK to steal company data

Whatever the mind can conceive and believe, the mind can achieve. Dr. Napoleon Hill

In this digital age, many company employees are online all day long or have ready access to an internet accessible computer. As a result, many computer users, company employees, have become digitally stoned, some have become like addicts, comfortably numb in this digital world.

The bad guy knows this and uses this against his targets. He knows that in a digital world, an employee is more apt to respond to his message and can be mislead if he uses certain techniques.

As an example, researcher Steve Stasiukonis tested actual company networks using a bogus facebook identity. In these tests he would join a company fan page and would begin mining names and email addresses of persons identifying themselves as company employees. He also gathered information from other social networking sites to further enhance his database of email addresses. He then obtained a domain name similar to the one used by the company and made it look like the genuine company website. When he launched his FACEBOOK email spear-phish attack, he obtained a positive response rate between 45 to 50 percent.

In other words nearly half of employees phished responded with the credentials and passwords used on their company network. In the real world, this information could have been used to steal company information, bring the company network down to it's knees or even gain access to bank accounts and fraudulent financing.

You have to ask yourself, COULD THIS HAPPEN TO YOUR COMPANY?

More details can be obtained at this website

Want a scary example of what some of the gathered information can be used for? Check this out - The same information the fraudsters obtained is today being gathered from Social Network Sites like Facebook, Twitter etc....:


Have you taken steps to protect your company?