Phishers often rely on gathering detailed information about their targets before launching an attack. By using various tactics to learn about individuals and organizations, they can craft more convincing and personalized phishing messages. Social media platforms like LinkedIn, in particular, provide a wealth of information that attackers can use to build a profile of their target. Here are some key information-gathering tactics used by phishers:
- Social Media Profiling: Platforms like LinkedIn, Facebook, and Twitter are treasure troves of personal and professional details. Phishers can collect information such as job titles, work history, connections, and interests, which they can then use to create targeted phishing emails or messages. For example, by knowing your job role and colleagues, an attacker can send a spear phishing email that looks like it’s from a co-worker or company executive.
- LinkedIn Harvesting: LinkedIn is especially valuable for phishers looking to target specific industries or companies. Attackers can scrape LinkedIn profiles to gather details on employees, their roles, and organizational structure. This information allows them to craft highly targeted spear phishing emails that mimic internal communications, making them more believable. They may even pose as recruiters, sending fake job offers to lure in unsuspecting victims.
- Public Data Mining: Phishers use publicly available data, such as business filings, company websites, or news articles, to gather additional details about an organization’s operations, key personnel, and projects. This can help them craft phishing emails that align with recent company activities or industry news, increasing the chances of success.
- Business Email Compromise (BEC) Setup: Attackers often use LinkedIn and other sources to identify high-ranking executives or financial officers within a company. By understanding the internal hierarchy, phishers can send convincing BEC emails that appear to come from a CEO or CFO, requesting urgent payments or sensitive financial information. They may even time the attack around travel schedules or busy periods to increase its effectiveness.
- Data Scraping from Forums and Discussion Boards: Attackers often scrape forums, discussion boards, or online communities where professionals discuss industry-specific topics. This allows them to gather insights into common challenges, terminology, or insider knowledge that can be leveraged to make phishing messages more convincing.
- Reconnaissance through Online Tools: Phishers use tools like WHOIS lookups or company databases to gather information about domain registrations, employee contact information, and server details. This data can help them craft emails that appear to come from trusted sources within the organization, such as IT departments or support teams.
- Phishing Surveys: Some phishers gather information by creating fake surveys or questionnaires that appear legitimate. These surveys ask for details like job title, department, or business operations, providing the attacker with valuable data to fine-tune their future phishing attempts.
- Email Harvesting from Breached Databases: Phishers often use email addresses and other contact details from previously breached databases. Combining these with publicly available data, they can send targeted emails to individuals whose credentials may already be compromised, adding another layer of believability to their phishing attempts.
- Information from Job Postings: Phishers analyze job postings to understand company operations, the software used, and internal hierarchies. This allows them to create realistic phishing emails that appear to address common company needs, such as software updates or training schedules, making the attack seem relevant to the target’s role.
- Targeting New Employees: New employees are often prime targets for phishers, as they are still familiarizing themselves with company procedures. Attackers may gather information about recent hires through LinkedIn or company announcements and send phishing emails that impersonate HR or IT, asking for login credentials or personal details under the guise of onboarding procedures.
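
The co-worker, executive and BEC impersonation described in the list above can be screened for at the mail gateway. The following is an added example, not part of the original article: a heuristic that flags inbound mail carrying a protected executive's display name on an external sender, or a Reply-To that points to a different domain. The organisation domain, the executive names and the sample messages are constructed assumptions.

```python
import re
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration: the organisation's own mail domain and
# the people most likely to be impersonated in a BEC attempt.
ORG_DOMAINS = {"example.com"}
PROTECTED_NAMES = {"dana whitfield", "marco ruiz"}

def _tokens(name):
    """Lower-case, strip accents and punctuation, return the set of name words."""
    name = unicodedata.normalize("NFKD", name)
    name = "".join(c for c in name if not unicodedata.combining(c))
    return set(re.sub(r"[^a-z ]", " ", name.lower()).split())

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def bec_flags(raw_message):
    """Return the reasons a raw RFC 5322 message looks like impersonation."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    flags = []
    external = _domain(from_addr) not in ORG_DOMAINS
    words = _tokens(display)
    # Token-subset match catches "Whitfield, Dana" and "Dana Whitfield (CEO)".
    if external and any(set(p.split()) <= words for p in PROTECTED_NAMES):
        flags.append("executive display name on external sender")
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        flags.append("Reply-To domain differs from From domain")
    return flags

# Constructed sample messages (reserved example domains only).
LEGIT = ("From: Dana Whitfield <dana.whitfield@example.com>\n"
         "Subject: Q3 planning\n\nAgenda attached.\n")
SPOOFED = ('From: "Dana Whitfield (CEO)" <dana.whitfield@example.net>\n'
           "Reply-To: accounts@example.org\n"
           "Subject: Urgent wire transfer\n\nPlease pay today.\n")
REORDERED = ('From: "Whitfield, Dána" <d.whitfield@example.net>\n'
             "Subject: Quick favour\n\nAre you at your desk?\n")

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("spoofed", SPOOFED),
                       ("reordered", REORDERED)):
        print(label, bec_flags(raw))
```

A Reply-To mismatch also occurs on legitimate mailing-list and ticketing traffic, so treat that flag as a signal for review or banner tagging rather than an automatic block.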