- April 27, 2020
- Posted by: SouTech Team
- Category: Blog, Cyber-security and Ethical Hacking Training, Ethical Hacking and Kali Linux Free Training
Collect Information through Social Engineering on Social Networking Sites
- Attackers use social engineering trick to gather sensitive information from social networking websites such as Facebook, MySpace, LinkedIn, Twitter, Pinterest, Instagram, etc.
Attackers create a fake profile on social networking sites and then use the false identity to lure the employees to give up their sensitive information.
Employees may post personal information such as date of birth, educational and employment backgrounds, spouses names, etc. and information about their company such as potential clients and business partners, trade secrets of business, websites, company’s upcoming news, mergers, acquisitions, etc.
- Attackers collect information about employee’s interests by tracking their groups and then trick the employee to reveal more information.
Information Available on Social Networking Sites
|What Attacker Gets||What Users Do||What Organizations Do||What Attacker Gets|
|Contact info, location, etc.||Maintain profile||User surveys||Business strategies|
|Friends list, friends info, etc.||Connect to friends, chatting||Promote products||Product profile|
|Identify of a family members||Share photos and videos||User support||Social engineering|
|Interests||Play games, join groups||Recruitment||Platform/technology information|
|Activities||Creates events||Background check to hire employees||Type of business|
Don’t forget to share with your friends. Sharing is caring. Stay Safe