2.2.3 Footprinting through Social Networking Sites

Collect Information through Social Engineering on Social Networking Sites

  • Attackers use social engineering trick to gather sensitive information from social networking websites such as Facebook, MySpace, LinkedIn, Twitter, Pinterest, Google+, etc.
  • Attackers create a fake profile on social networking sites and then use the false identity to lure the employees to give up their sensitive information.

    fake id generator

  • Employees may post personal information such as date of birth, educational and employment backgrounds, spouses names, etc. and information about their company such as potential clients and business partners, trade secrets of business, websites, company's upcoming news, mergers, acquisitions, etc.

  • Attackers collect information about employee's interests by tracking their groups and then trick the employee to reveal more information.

Information Available on Social Networking Sites

What Attacker Gets What Users Do What Organizations Do What Attacker Gets
Contact info, location, etc. Maintain profile User surveys Business strategies
Friends list, friends info, etc. Connect to friends, chatting Promote products Product profile
Identify of a family members Share photos and videos User support Social engineering
Interests Play games, join groups Recruitment Platform/technology information
Activities Creates events Background check to hire employees Type of business

results matching ""

    No results matching ""