Government Agency Compromised by Facebook Scam


Hackers were able to compromise a government agency by using a Facebook ‘hottie’ scam. –PC Pitstop

By Stu Sjouwerman, for Security Awareness Training

The oldest trick in the world still works: the honeytrap. It is very well known in the spy business and has been used for centuries to social-engineer people. Today it is even easier to trap people this way, because you no longer need a live, good-looking woman; it is all done virtually. Here is a good example you can send to all employees: a real story about a government agency compromised by a fake Facebook hottie. Remind them that they need to THINK BEFORE THEY CLICK. This is the link to the ZDNet article:

Using social media profiles and a photo of a real (and consenting) woman, two hackers fooled a government employer into believing she was an employee, conning them out of a company laptop, network credentials, and more.

They used “her” Facebook and LinkedIn connections to send out holiday cards linked to an attack site, which the government employees visited, and scammed one employee into sending her a work laptop – as well as network access credentials and more, such as SalesForce logins.

The researchers used the imaginary pretty girl’s poisoned holiday e-cards to gain administrative rights, obtain passwords, install applications and steal documents with sensitive information – some of which, according to the hackers, included information about state-sponsored attacks and country leaders. –ZDNet 11/1/2013

This excerpt appears with permission from


3 thoughts on “Government Agency Compromised by Facebook Scam”

  1. I closed my Facebook account because I found out that Facebook was tracking me on my computer. How I found out: I went to Advanced Auto to check on a heater control switch for my 1986 Chevy van. Then I went and signed into Facebook, and on my Facebook page was a pic of the heater control switch that I was looking at. So that told me that Facebook was tracking me. Should ask Facebook about their privacy act. Oh, I forgot, Facebook doesn’t go by their privacy act.

  2. If only everyone would remember: be cautious, be careful and always be confirming everything. EVERYTHING because even someone you think you know will lie, cheat and steal from you so how far do you think a stranger will go? mhm
