Hackers used fake LinkedIn account to infiltrate government agency, get work laptop, VPN credentials
This is a really impressive feat of hacking.
Using social media profiles and a photo of a real (and consenting) woman, two hackers fooled a government employer into believing she was an employee, conning them out of a company laptop, network credentials, and more.
They used "her" Facebook and LinkedIn connections to send out holiday cards linked to an attack site, which the government employees visited, and scammed one employee into sending her a work laptop - as well as network access credentials and more, such as SalesForce logins.
Robin Sage Emily Williams
The researchers used the imaginary pretty girl's poisoned holiday e-cards to gain administrative rights, obtain passwords, install applications and stole documents with sensitive information - some of which, according to the hackers, included information about state-sponsored attacks and country leaders.
. . .