No announcement yet.

How-To - Get Someones Birthday details using Social Engineering on Social Media

  • Filter
  • Time
  • Show
Clear All
new posts

  • How-To - Get Someones Birthday details using Social Engineering on Social Media

    When a social engineering attack is performed in order to gain personal information from a potential target, many options are available. If just asking for information such as; "When is your birthday?" is too intrusive lots of options are available. This is not about making a complete listing but rather an attempt to invite for creativity to be used. On Social Media the target may be reluctant to answer person questions directly but the fact is that those questions are answered regularly by using sneaky and innocent looking questions.
    Maybe the information the attacker needs has already been answered on places such as Facebook. If not, an attempt using Waterholing or similar attacks may turn out to be useful. Share something you suspect the target may react to or interact with.

    What are those innocent looking questions? They are all the silly entertainment shares such as quizzes that some people seems to love without any though on what information they actually hand out when doing so. Most users of Facebook and similar social sites have, at one point or another, received a quiz shared by a Facebook connection.

    Let Your Birthday Reveal Your Future Occupation Quiz
    January - Drunken
    February - Angry
    March - Lingering
    April - Clumsy
    May - Thoughtful
    June - Funny

    1st - Dancer
    2nd - Sculptor
    3rd - Pipefitter
    4th - Miner
    5th - Psychologist
    6th - Sex Therapist
    7th - Test Driver
    Above example is usually meant to be nothing but great fun. And you have likely seen a few of these yourself. Are you an "Angry Miner" or a "Clumsy Pipefitter"? Nothing stops an attacker from sharing postings like this or make his or her own. Often these are shared very quickly from one profile to the next. Some times an attacker can just browse a Facebook profile for information such as this from an already posted quiz. People may not answer personal questions when asked directly but will gladly share information such as a birth day in a heart beat when doing a quiz or similar.

    Spending a lot of time on social media may unconsciously lead to a profile packed with personal information you would normally not share. When sharing information on the Internet often means sharing information with the world and removing this information later may prove to be next to impossible. The conclusion may be that many questions lead to the same answers and some of these questions may feel intrusive and some may not. Now may be a good time to have a look at what information you have been sharing on social media during your stay. This could be years of information. Spare time activities, travel habits, family members, pictures of family and relatives, opinions, your pet name etc. All kinds of information that seems harmless.
    Certified Security Geek