Footprinting through Social Networking Sites

Collect Information through Social Engineering on Social Networking Sites

Attackers use social engineering trick to gather sensitive information from social networking websites such as Facebook, MySpace, LinkedIn, Twitter, Pinterest, Google+, etc.

Attackers create a fake profile on social networking sites and then use the false identity to lure the employees to give up their sensitive information.  

Employees are allowed to post both personal information about themselves (such as birthdates, employment histories, educational backgrounds, spouses’ names, etc.) and company-related information (such as websites, upcoming company news, mergers, acquisitions, and potential customers and business partners). Attackers track an employee’s groups to learn more about their interests before tricking them into disclosing more.

Information Available on Social Networking Sites

What Attacker Gets What Users Do What Organizations Do What Attacker Gets
Contact info, location, etc. Maintain profile User surveys Business strategies
Friends list, friends info, etc. Connect to friends, chatting Promote products Product profile
Identify of a family members Share photos and videos User support Social engineering
Interests Play games, join groups Recruitment Platform/technology information
Activities Creates events Background check to hire employees Type of business

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *