How cybercriminals harvest information for spear phishing

[harlan4096]

In analyzing targeted attacks over the past decade, we continually find a recurring theme: “It all started when the victim opened a phishing e-mail.” Why are spear-phishing e-mails so effective? It’s because they are contextualized and tailored to the specific victim.

Victims’ social networks are often used as a source of information. Naturally, that leads to the question: How? How do cybercriminals find these accounts? To a large extent, it depends on how public the victim is. If someone’s data is published on a corporate website, perhaps with a detailed biography and a link to a LinkedIn profile, it’s quite simple. But if the only thing the cybercriminal has is an e-mail address, the task is far more complicated. And if they just took a picture of you entering the office of the target company, their chances of finding your profile in social networks are even lower.

We conducted a small experiment to search for information based on scraps of data. This involved taking several colleagues, all with varying degrees of social media activity, and trying to find them using widely available search tools.

Search by photo

Needing to find a person based on a photo is not the most common scenario. We assume that it begins with the cybercriminal was positioned by the entrance to the target company building and covertly photographing everyone with a particular logo on their pass, after which the search commenced for a suitable spear-phishing victim. But where to begin?

Full reading: https://www.kaspersky.com/blog/spearphis...ion/25589/