Source: Alekesey Zotov via Alamy Stock Photo
Last week, a group of hackers targeted Radioactive Waste Management (RWM), a UK government-owned company behind the country's multibllion-dollar Geological Disposal Facility (GDF) nuclear waste-storage project, using social engineering and LinkedIn.
RWM merged last year with two other companies to create Nuclear Waste Services (NWS), which also administers the Low Level Waste Repository in Cumbria, UK. Corhyn Parr, NWS's chief executive, noted that the attackers have been capitalizing on the business changes stemming from that merger to try to dupe targets into falling for social engineering gambits, largely through LinkedIn. So far, though, none of the attempts have had any "material effect," he added.
"NWS has seen, like many other UK businesses, that LinkedIn has been used as a source to identify the people who work within our business," a company spokesperson told the Guardian. The attackers, however, were denied through what a company spokesperson referred to as "multi-layered defenses."
Hackers will use social media sites to create fake accounts, write false messages, and send malicious links, as well as gather information to improve their messaging, all in order to gain access to a company's system through phishing or malware.
According to LinkedIn itself, in order to avoid becoming the victim of these types of scams or social engineering attacks, users should avoid engaging with impersonal messages, any messages asking for personal or financial information, messages with noticeable grammar and spelling mistakes, and messages including offers that are overly generous or “too good to be true.”