LinkedIn Scammers anyone?

[Casual Observer]

Are you guys getting this? Someone who claims to be a female reaches out on LinkedIn, their profile is light and when I "out" them as being a scammer they dissapear. What are they trying to get from me? I guess money?

[Ice Cream Jonsey]

Their profile is light? As in not a lot of stuff on it?

I had someone unknown send me a request last week. I accepted it on a Saturday and they instantly wrote "Hi". I blocked them. Any normal person would have waited until Monday.

[pinback]

Two days is industry standard.

[Jizaboz]

You guys are making me feel better about never creating a LinkedIn acct lol

[odyssia76]

LinkedIn can be useful for job-related things. Not at all good for social things as you probably have seen. But it gets very heavily data-mined, especially if you put a full resume up. Personally I have found that most random requests are from headhunters and business intelligence types who may be sniffing around trying to poach you from your employer or just gathering market data. Possibly gathering data for spearphishing attacks. A fully filled out LinkedIn profile is a goldmine for social engineers.

[odyssia76]

LinkedIn can be useful for job-related things. Not at all good for social things as you probably have seen. But it gets very heavily data-mined, especially if you put a full resume up. Personally I have found that most random requests are from headhunters and business intelligence types who may be sniffing around trying to poach you from your employer or just gathering market data. Possibly gathering data for spearphishing attacks. A fully filled out LinkedIn profile is a goldmine for social engineers.

[RealNC]

How many people who "worked for bitcoin and are creating a blockchain start-up" have tried to contact you? This appears to be the Nigerian prince of linkedin.

[Amiga Man]

LinkedIn can be useful for job-related things. Not at all good for social things as you probably have seen. But it gets very heavily data-mined, especially if you put a full resume up. Personally I have found that most random requests are from headhunters and business intelligence types who may be sniffing around trying to poach you from your employer or just gathering market data. Possibly gathering data for spearphishing attacks. A fully filled out LinkedIn profile is a goldmine for social engineers.

you think a record of where people used to work is valuable? holy shit

i assume youre just regurgitating dumb shit you heard elsewhere (please be that)

[odyssia76]

How many people who "worked for bitcoin and are creating a blockchain start-up" have tried to contact you? This appears to be the Nigerian prince of linkedin.

Haven't heard that one. Wish I had so I could laugh at them. Actually a hobby of mine is refining my own scripts to see how much time I can make them waste while I lead them along. Along. I started with the auto warranty scammers and they asked me what the make and model of my car was, and I would reply "But...you're from the 'Warranty Department' - don't YOU know the make and model of my car?" I can get a minute or two out of that one before they realize I'm fucking with them. But it's more effective and wastes more of their time to respond with "Datsun", or just make up a fake manufacturer. One time I told them "it's an I.M.A Skammer" just to hear them repeat it. You can get furthest, of course, by telling the truth and making them waste 20 minutes working on the scam before letting them know in some amusing way, but I don't usually feel like wasting that much of my time.

It's a little sad, though, that it's so easy to string them along by playing dumb, because that's a what they expect from Americans. Pretend you are just really stupid and they will absolutely believe it and will waste hours explaining things to you over and over again. So of my favorite YouTube scam busters get hilarious results (one parents to be an old lady). Some of their videos of making scammers furious are rolling-on-floor funny. Mand Jim Browning's videos are awesome because he reverse-hacks them, steals all their data, and uses it to locate and report them.

I should probably retire now because I achieved perfection a month ago when I had one of them literally screaming "YOU'RE WASTING MY TIME!!" at me over and over. The irony was so delicious that I just soaked it up while he screamed. When he finally stopped, I said in my sweetest voice "Yes, I am. On purpose. How does it feel?" Regrettably, he failed to see the sweet irony and didn't react in a fun way.

[pinback]

Did you ever get into a fistfight with the interviewer while interviewing for a job?

[odyssia76]

you think a record of where people used to work is valuable? holy shit

It absolutely can be, depending on who gets it, but yes, to certain people it can be valuable - as I said, for social engineering/spearphishing reasons. The more you know about someone, the more effectively you can scam them. But you don't know shit about security, so you don't get it. Other valuable documents are org charts that helpfully show who is in charge of what, and who their boss is, with names. Company phone directories too. If you knew anything about the topic you would know these things.

Even how the secretaries handle phone calls is important. Our resident cold caller might have noticed this.. Try calling a company who takes security seriously, which is sadly rare, but a big bank, for example. Call the main number at their HQ and ask to talk to, for example, "the director of IT". In order of security, the possible answers might be:

1) "Sure, her name is Monica Fritz and she is at extension 4432. I'll connect you."
2) "I'll see if Monica is in"
3) "I need the name of the person you're calling, please."

The last one is the only secure one. And they don't have the "find extension by name" thing, either. Finding out the name of someone in an organization using this method is very common for hackers and other scum like cold callers.

[Amiga Man]

you just posted a bunch of vague cliches, indicative of someone that is just rewriting nonsense they read on the internet and got caught

and then you quickly pivoted to some other topic about people working AT THIER CURRENT JOBS

Other valuable documents are org charts that helpfully show who is in charge of what, and who their boss is, with names. Company phone directories too.

if I got caught talking out my ass I'd change the topic too

No, a list of where people used to work is not valuable. Quit talking about things you have no idea about

[Amiga Man]

Pretend you are just really stupid and they will absolutely believe it and will waste hours explaining things to you over and over again.

"pretend"

[Ice Cream Jonsey]

I appreciate everyone treating one another with respect and dignity lately. Now, I'll read the rest of this thread.

[odyssia76]

you just posted a bunch of vague cliches, indicative of someone that is just rewriting nonsense they read on the internet and got caugh [...] No, a list of where people used to work is not valuable. Quit talking about things you have no idea about

You think my points are "vague"? Can you be more specific? As for me knowing what I'm talking about, how many pen tests have you done? How many speeches on security given? Secuity classes given? Consulting gigs with Fortune 500 companies, the US military? How many certifications do you have? Do you have a CISSP? You're the one who knows nothing, talking out your ass, dude. I could tell you how to use common office documents to steal millions from a company. There's a reason security-conscious organizations shred ALL office trash. You think they do it for fun?

So now STFU before you email arrays yourself even further, if that's possible. Crawl away in embarrassment as you should.

[Flack]

Are you a CISSP? Shoot me your LinkedIn. I am always looking for people to pass work to, both in person and remotely.

The first time I visited ICJ in Denver I was doing a pen test at a federal facility. Part of the test involved assessing physical security and attempting to access any area not open to the public. I asked for permission to attempt to enter the basement (which I knew would have them watching for me) and 10 minutes later I texted them this picture taken from the roof overlooking downtown Denver. The guy I was working with thought it was funny but his boss was not amused.

[Casual Observer]

It's definitely Finsternis

[Casual Observer]

you just posted a bunch of vague cliches, indicative of someone that is just rewriting nonsense they read on the internet and got caugh [...] No, a list of where people used to work is not valuable. Quit talking about things you have no idea about

You think my points are "vague"? Can you be more specific? As for me knowing what I'm talking about, how many pen tests have you done? How many speeches on security given? Secuity classes given? Consulting gigs with Fortune 500 companies, the US military? How many certifications do you have? Do you have a CISSP? You're the one who knows nothing, talking out your ass, dude. I could tell you how to use common office documents to steal millions from a company. There's a reason security-conscious organizations shred ALL office trash. You think they do it for fun?

So now STFU before you email arrays yourself even further, if that's possible. Crawl away in embarrassment as you should.

Think we can be sure this is not a middle aged woman in, what? Vermont or something. This is a greasy fatroll living in a basement.

[Casual Observer]

you think a record of where people used to work is valuable? holy shit

It absolutely can be, depending on who gets it, but yes, to certain people it can be valuable - as I said, for social engineering/spearphishing reasons. The more you know about someone, the more effectively you can scam them. But you don't know shit about security, so you don't get it. Other valuable documents are org charts that helpfully show who is in charge of what, and who their boss is, with names. Company phone directories too. If you knew anything about the topic you would know these things.

Even how the secretaries handle phone calls is important. Our resident cold caller might have noticed this.. Try calling a company who takes security seriously, which is sadly rare, but a big bank, for example. Call the main number at their HQ and ask to talk to, for example, "the director of IT". In order of security, the possible answers might be:

1) "Sure, her name is Monica Fritz and she is at extension 4432. I'll connect you."
2) "I'll see if Monica is in"
3) "I need the name of the person you're calling, please."

The last one is the only secure one. And they don't have the "find extension by name" thing, either. Finding out the name of someone in an organization using this method is very common for hackers and other scum like cold callers.

Not sure how we got back to cold calling which isn't scamming but you're still wrong and if the others here gave a shit the gloves could be off but I'm done shit posting as much. I will say I just signed a 3 year contract with ZoomInfo today that actively scrapes the emails of lots of people who know your number so good luck. Have you been to RSA? There's over 3000+ cyber security startups in there, 80 percent using this tool to call real CISSP's. You better get a burner phone dude with this attitude.

[Jizaboz]

Hell yeah, Flack! That’s the kind of pen-test stories I enjoy.