As a pentester, part of my job is running social engineering exercises. To be successful, I look for information that will make my communication appear more authentic and that can be used to create attack vectors. These are the same tactics a bad actor will use to gain personal information on targets, and it’s important to be aware of these tactics to protect ourselves and our loved ones. I believe it’s important to be aware so we can all make calculated choices about what we want to allow to be disclosed that ultimately can affect our lives. Think of it as creating our own personal risk model, if you will. This article will focus on four key things:
- OSINT
- What personal information can be uncovered on the Internet
- How this information is found
- How to take back control of this information
First up – OSINT. OSINT is an abbreviation for Open Source INTelligence. It involves looking up information that is publicly available – no hacking or special skills are required to see it. This information is collected piece by piece. Think of it like a jigsaw puzzle. When putting a puzzle together, each piece on its own means little. But when pieces are put together, the picture starts to become clear. Plus, each piece that is put into place gives a....