Phishing for Information, Part 2: How Attackers Collect Data About Your Employees

2024 Cybersecurity Predictions


 

Through these sites, it’s not hard for phishers to gather up a list of names of employees at a specific organization.

Social Media and Personal Information

Despite the security team’s best efforts to prevent it, employees will share and spread information about themselves all over the Internet. Social media companies expend tremendous effort to encourage people to join and post information about themselves. Some valuable bits of information that attackers can use are:

  • Work history
  • Education information (college and high school attended)
  • Family and relationship information
  • Comments on links
  • Dates of important life events
  • Places visited
  • Favorite sites, movies, TV shows, books, quotes, etc.
  • Photographs

Profiling

All these pieces of information provide powerful leverage points for attackers, but they also provide a lot of valuable indirect information. As our phishing example in part 1 points out, attackers can observe the writing style of the people they want to impersonate. Beyond that, they can also create detailed psychological profiles of victims. There are a number of tools and techniques available to do things like:

With sites like Facebook that host nearly 2 billion users,5 it’s very easy to craft a Google search for someone with “[name] [location] site:facebook.com” to find their page.

Many social media users are part of interest groups, which can provide useful leverage points for a phisher.

 



Source link
lol

  Through these sites, it’s not hard for phishers to gather up a list of names of employees at a specific organization. Social Media and Personal Information Despite the security team’s best efforts to prevent it, employees will share and spread information about themselves all over the Internet. Social media companies expend tremendous effort to…

Leave a Reply

Your email address will not be published. Required fields are marked *