I wonder why he fell for the loaded LinkedIn spoof email?
I’m sure I’ve clicked my fair share of LinkedIn links, but I don’t think I’ve done so recently.
In order to trick Bill into connecting to my exploit, I sent him an email with an embedded link. Cobalt Strike has a tool to copy an existing email (headers and all), which makes this basically turn-key. All you need to do is modify the links. So what email does everyone always click? What would work even against an infosec guy? LinkedIn invites. http://disconnected.io/2014/03/18/how-i-hacked-your-router/
The ‘real life connection’ for reset has been problematic for years. Of course, putting something like “cookie” as every answer doesn’t do much, either.
What city were you born in? Cookie.
What is your maternal grandmother’s maiden name? Cookie.
What was your high school mascot? Cookie.
Haven’t figured out a solution yet, but I have at least deployed a password manager that’s making lovely 1CL9DUenEgslS2AOJZ#mkW3PoGyQ7iYTXjH passwords for me.