Malicious users gather confidential information from social networking sites and create accounts in others' names.
Attackers use others' profiles to create large networks of friends and extract information using social engineering information using social engineering techniques.
Attackers try to join the target organization's employee groups where they share personal and company information.
Attackers can also use collected information to carry out other forms of social engineering attacks.

Attackers create a fake user group on Facebook identified as "Employees of" the target company.
Using a false identity, attacker then proceeds to "friend," or invite, employees to the fake group "Employees of the company"
Users join the group and provide their credentials such as date of birth, educational and employment backgrounds, spouses names, etc.
Using the details of any one of the employee, an attacker can compromise a secured facility to gain access to the building.

Attackers scan details in profile pages. They use these details for spear phishing, impersonation, and identity theft.

Data Theft: A social networking site is an information repository accessed by many users, enhancing the risk of information exploitation.
Involuntary Data Leakage: In the absence of a strong policy, employees may unknowingly post sensitive data about their company on social networking sites.
Targeted Attacks: Attackers use the information available on social networking sites to perform a targeted attack.
Network Vulnerability: All social networking sites are subject to flaws and bugs that in turn could cause vulnerabilities in the organization's network.

8.3 Impersonation on Social Networking Sites

results matching ""