Hi all,
A while back I had to deal with some sms phishing sent pretending to be our CEO. Many people received the text said they never exposed their mobile phone on linkedin or social sites, I went on a hunt and stumbled across this website which basically had everyone email+ phone number. There were also clues from the phisher that he may have gotten information from here as he made mistakes on CEO name (the site still listed the wrong name) or company name that was sighted in the site (one word instead of 2 ...)
I wonder how/where they got this data? Did some third party phone app(messenger, whatsapp) dump our contact list somewhere and map those information out? This site is cheap to sign up for an account and it's a sweet honey pot for mass sending CEO phishing campaign.
Thanks, Perhaps I was paranoid but I have had several users reported to me "I have never shared my phone numbers with Linkedin or on social media". The data is very current afaik since I have had users who only recently joined getting CEO gift card sms.
3 comments
[ 3.3 ms ] story [ 12.0 ms ] threadI wonder how/where they got this data? Did some third party phone app(messenger, whatsapp) dump our contact list somewhere and map those information out? This site is cheap to sign up for an account and it's a sweet honey pot for mass sending CEO phishing campaign.
https://rocketreach.co/privacy
Information isn't current and is likely from a LinkedIn data dump.
https://identitytheft.org/data-breach/linkedin/