Tweet
When a social engineering attack is performed in order to gain personal information from a potential target, many options are available. If just asking for information such as; "When is your birthday?" is too intrusive lots of options are available. This is not about making a complete listing but rather an attempt to invite for creativity to be used. On Social Media the target may be reluctant to answer person questions directly but the fact is that those questions are answered regularly by using sneaky and innocent looking questions.
Maybe the information the attacker needs has already been answered on places such as Facebook. If not, an attempt using Waterholing or similar attacks may turn out to be useful. Share something you suspect the target may react to or interact with.
What are those innocent looking questions? They are all the silly entertainment shares such as quizzes that some people seems to love without any though on what information they actually hand out when doing so. Most users of Facebook and similar social sites have, at one point or another, received a quiz shared by a Facebook connection.
Let Your Birthday Reveal Your Future Occupation Quiz
Above example is usually meant to be nothing but great fun. And you have likely seen a few of these yourself. Are you an "Angry Miner" or a "Clumsy Pipefitter"? Nothing stops an attacker from sharing postings like this or make his or her own. Often these are shared very quickly from one profile to the next. Some times an attacker can just browse a Facebook profile for information such as this from an already posted quiz. People may not answer personal questions when asked directly but will gladly share information such as a birth day in a heart beat when doing a quiz or similar.
Spending a lot of time on social media may unconsciously lead to a profile packed with personal information you would normally not share. When sharing information on the Internet often means sharing information with the world and removing this information later may prove to be next to impossible. The conclusion may be that many questions lead to the same answers and some of these questions may feel intrusive and some may not. Now may be a good time to have a look at what information you have been sharing on social media during your stay. This could be years of information. Spare time activities, travel habits, family members, pictures of family and relatives, opinions, your pet name etc. All kinds of information that seems harmless.
Maybe the information the attacker needs has already been answered on places such as Facebook. If not, an attempt using Waterholing or similar attacks may turn out to be useful. Share something you suspect the target may react to or interact with.
What are those innocent looking questions? They are all the silly entertainment shares such as quizzes that some people seems to love without any though on what information they actually hand out when doing so. Most users of Facebook and similar social sites have, at one point or another, received a quiz shared by a Facebook connection.
Let Your Birthday Reveal Your Future Occupation Quiz
January - Drunken
February - Angry
March - Lingering
April - Clumsy
May - Thoughtful
June - Funny
...
1st - Dancer
2nd - Sculptor
3rd - Pipefitter
4th - Miner
5th - Psychologist
6th - Sex Therapist
7th - Test Driver
...
February - Angry
March - Lingering
April - Clumsy
May - Thoughtful
June - Funny
...
1st - Dancer
2nd - Sculptor
3rd - Pipefitter
4th - Miner
5th - Psychologist
6th - Sex Therapist
7th - Test Driver
...
Spending a lot of time on social media may unconsciously lead to a profile packed with personal information you would normally not share. When sharing information on the Internet often means sharing information with the world and removing this information later may prove to be next to impossible. The conclusion may be that many questions lead to the same answers and some of these questions may feel intrusive and some may not. Now may be a good time to have a look at what information you have been sharing on social media during your stay. This could be years of information. Spare time activities, travel habits, family members, pictures of family and relatives, opinions, your pet name etc. All kinds of information that seems harmless.