Social networking websites are public internet services that enable users to interact and develop interpersonal relationships. Sites like Facbook, Instagram, Twitter, YouTube, Pinterest, and LinkedIn are being used more frequently as a result of being able to connect with friends and family on one and exchange professional profiles on another.
Attackers can leverage these websites to their advantage because people usually maintain profiles on social networking sites to provide basic information of themselves like, names of spouses, dates of birth, educational backgrounds, and career histories to maintain connections with others. Organisations frequently publish information about partners they might work with, websites, and forthcoming company news.
The following table provides a summary of user activity on social networking sites and the associated data that an attacker may get.
| What Users Do | What Attacker Gets |
|---|---|
| Maintain Profile | Contact Infomation, friends information, information about family members, interests, and activities |
| Connect to friends, chat | Friends list, sensitive information via chatting |
| Share photos and videos | Identity of family members, interests, and related information |
| Play games, join groups | Interests |
| Create Events to notify about upcoming occassions | User's Activities |
Social networking websites are also used by organisations to communicate with customers, advertise their products and services, and get customer feedback. The table below provides a summary of an organization's social networking activities and the information that an attacker may obtain from them.
| What Organizations Do | What Attacker Gets |
|---|---|
| User Surveys | Business Strategies |
| Promote Products | Product Profile |
| User Support | Social Engineering |
| Recruitment | Platform/technolgoy information |
| Background check to hire employees | Type of business |
There are numerous online tools and services that can help you collect important data about a target from one or more social media platforms. These services give hackers the ability to follow accounts and URLs on numerous social media sites, find the most popular content shared across social media sites by using hashtags or keywords, find a target's email address, etc. Attackers can use this information to carry out phishing, social engineering, and other forms of assaults.
- Tools like Google Trends, Hashatit, BuzzSumo, and Ubersuggest can be use to locate information.
- Tools like Hootsuite, Followeronk, and Sysomos can be use to search for both geotagged and non-geotagged information.
- Tools like Social Searcher, Sherlock, theHarvester, UserRecon can be use to gather sensitive information about the target via footprinting social networking sites.
- Phases of Hacking
- Introduction to Footprinting - First Step to Hacking
- Information Obtained in Footprinting
- Objective and Threats of Footprinting
- Countermeasures of Footprinting
- Footprinting - First Step on Hacking (Summary) with Tools
%20Cover.jpg)
%20Cover.jpg)
No comments:
Post a Comment