2.2.3 Footprinting through Social Networking Sites
Collect Information through Social Engineering on Social Networking Sites
- Attackers use social engineering trick to gather sensitive information from social networking websites such as Facebook, MySpace, LinkedIn, Twitter, Pinterest, Google+, etc.
Attackers create a fake profile on social networking sites and then use the false identity to lure the employees to give up their sensitive information.
fake id generator
Employees may post personal information such as date of birth, educational and employment backgrounds, spouses names, etc. and information about their company such as potential clients and business partners, trade secrets of business, websites, company's upcoming news, mergers, acquisitions, etc.
- Attackers collect information about employee's interests by tracking their groups and then trick the employee to reveal more information.
Information Available on Social Networking Sites
| What Attacker Gets | What Users Do | What Organizations Do | What Attacker Gets |
|---|---|---|---|
| Contact info, location, etc. | Maintain profile | User surveys | Business strategies |
| Friends list, friends info, etc. | Connect to friends, chatting | Promote products | Product profile |
| Identify of a family members | Share photos and videos | User support | Social engineering |
| Interests | Play games, join groups | Recruitment | Platform/technology information |
| Activities | Creates events | Background check to hire employees | Type of business |