Every action you take online leaves a trail. This is known as a digital footprint.
Whilst a lot of your digital footprint is not visible to the general public, such as websites that you visit, emails that you send and receive and data that you store in the cloud. The non-visible part of your digital footprint is often referred to as your passive digital footprint.
Your active digital footprint is data you have shared online that is visible online, such as posts you make on social media.
Attackers can gather this information using a variety of often simple methods. This is known as Open source intelligence (OSINT). OSINT is often legal, as it is using techniques to extract publicly available information, however using this information maliciously is where it starts to become illegal.
In the last week, we have seen this method exploited against several of our clients. They have reported Spear Phishing emails posing as members of their internal team have been sent. Spear Phishing is where attackers will target an individual person or business and impersonate a trusted third-party or individual.
The first example we had of this was an email requesting the personal phone number of an individual in the business. The email’s suspicious characteristics begin with the strange way in which it is written, along with an extreme sense of urgency. Cyber attackers will often elevate the urgency of a request as people are naturally more responsive when a sense of urgency is created, making the attacks more effective.
The email was also suspicious because it has the recipient’s name spelt incorrectly and came from an unrecognised email account.
However, some authenticity was created by the correct job title being used in the email signature of the individual that was being impersonated.
Another, and better executed, example of this was reported by another of our clients.
The email they received was requesting that an employee’s banking details were amended. The email was relatively well written, with the correct punctuation. It was also sent to a member of the accounts team, who would normally be responsible for this type of request. The email had the correct job title again for the individual it was impersonating.
Once again, the suspicious characteristics were caused by the unusual request but also the email being sent from an unrecognised account.
You may be wondering, how did the attackers find this information? The information could have come from several locations. However, the most likely is social media.
Businesses and employees across the globe are flocking to LinkedIn, a social media platform focused on business. Common characteristics of an individual’s profile are the organisation that they work for and their job title. Whilst this is advantageous for many individuals to expose them to job opportunities, potential clients and more it also makes this information readily available for Cyber Attackers.
It is important to stay Cyber Wise and remember that whatever you put online is visible and can be used to your disadvantage.
If you would like to discuss this further, please get in touch with our expert team.