Footprinting through Social Networking Sites
Social Engineering Social Engineering in Information Security refers to the technique of psychological manipulation. This trick is used to gather information from different social networking and other platforms from people for fraud, hacking, and getting information for being close to the target.
Footprinting using Social Engineering on Social Networking Sites Social Networking is one of the best information sources among other sources. The different popular and most widely used social networking site has made it quite easy to find someone, get to know about someone, including its basic personal information as well as some sensitive information as well. Advanced features on these social networking sites also provide up-to-date information. An Example of footprinting through social networking sites can be finding someone on Facebook, Twitter, LinkedIn, Instagram, and much more.
Social Networking is not only a source of joy, but it also connects people personally, professionally, and traditionally. Social Networking platforms can provide sufficient information about an individual by searching for the target. Searching for Social Networking for People or an organization brings much information such as a Photo of the target, personal information and contact details, etc.
What Users Do
What attacker gets
People maintain their profile
Photo of the target Contact numbers Email Addresses Date of birth Location
Personal Information about a target including personal information, photo, etc.
People updates their status
Most recent personal information Most recent location
Family & Friends information Activities & Interest Technology related information Upcoming events information
Platform & Technology related information.
List of Employees / Friends / Family.
Nature of business
Table - Social Engineering
The profile picture can identify the target; the profile can gather personal information. By using this personal information, an attacker can create a fake profile with the same information. Posts have location links, pictures, and other location information that helps to identify the target location. Timelines and stories can also reveal sensitive information. By gathering information of interest and activities, an attacker can join several groups and forums for more footprinting. Furthermore, skills, employment history, current employment, and much more. These are the information that can be gathered easily and used for determining the type of business of an organization, technology, and platforms used by an organization. In the posts, people are posting on these platforms, never think that what they are posting. Their post may contain enough information for an attacker, or a piece of required information for an attacker to gain access to their systems.