Hacker Reconnaissance 101:
Oversharing information is a huge issue for every organization. The oversharing of information can make your organization an easy target to hack.
Hackers are constantly monitoring all forms of social media as part of their mission. To illustrate this problem, I’ll use a “fictitious example”.
Suppose you work for a bank, and you are excited about a new software platform that the bank will soon be installing. You post on your Facebook and LinkedIn pages all the great features that the bank will now be able to offer, and how it will benefit the bank’s clients. This type of information is interesting to your friends and clients; however, it is very exciting to a criminal.
A hacker with this knowledge will now start stalking you and others in the company. The criminal now has several goals. First, they want to find out who is working on this project and then learn as much as they can about each person. The second step is to learn as much as they can about the project and the details of the installation and migration process.
Next, the criminal will likely reach out to you and some coworkers using a fictitious identity and attempt to join your LinkedIn network and possibly friend you on Facebook. Creating a fictitious identity that would tempt you to accept a friend request is an easy task. The criminal’s goal at this point is to determine who will most likely fall for a social engineering attack. (Social engineering is getting someone to do something they would not normally do.)
With all the acquired information, the criminal is now ready for the attack. The most likely attack vector the criminal will choose is to call the victim during the installation or data migration phase of the project. They will impersonate a team member of the company performing the project and ask for help with getting access to the system. Sometimes, to make it appear more legitimate, they may send an email or call ahead of time to schedule an appointment to work on the project.
Companies need to be aware of this risk and have policies that limit the amount of company information that employees are allowed to share on their personal social media sites. Employees also need to understand that oversharing personal information makes them and the company they work for more likely targets of a potential attack.
Quanexus IT Support Services for Dayton and Cincinnati