We’re switching it up this week. Today’s Fool Around content focuses on OSINT, or Open Source Intelligence. For the uninitiated, OSINT challenges are a great way of practicing your investigation skills. As part of a cyber attack, threat actors may perform OSINT on specific targets to identify information that will help them social engineer someone into handing over valuable information.
The example we have here is the (obviously created by us) LinkedIn account of a CFO, Cindy Lane. Now an attacker might have done some initial OSINT against the company Cindy works for if they consider that company to be a big enough target.
From the company page, they may be able to find C-Suite, and other high ranking, execs who would have privileged access to information or systems within the business. Targeting these people with spear phishing, vishing, or other social engineering attacks can provide a huge return on investment for threat actors, which is why anyone with access to HR systems, IT system back ends, customer data and financial information should be extra vigilant.
The challenge we have for you this week is to identify some specific information which could help further an attack on the business, Big Tech PLC.
Using the LinkedIn profile below, can you identify:
- 3 possible basewords that Cindy might use as part of her password? and
- 2 topics for emails you could send Cindy that she might be likely to open?
Remember, if you’re using social media, it’s great to share things! Our CEO, Amy, does it all the bloody time. But also remember that you need to make sure to hide details about your whereabouts, any clues to passwords you might have, and specific information about your organisation that might help an attacker.
We’re happy to discuss how we can support you with security awareness training for your executive teams in an engaging manner. Get in touch today to find out more.
Reading List
The latest content for your reading pleasure.
