18. Give examples of how Open Source Intelligence can be used for social engineering (AC 4.2)

Written from the perspective of an attacker.

Open Source Intelligence, also known as OSINT, is a great tool when conducting social engineering. Thankfully, most people live their lives very publicly thanks to social media. They will post information about their families, hobbies, interests, planned holidays, work, private life, their favourite cafés, etc. It's very easy to gather all this information and create a profile from multiple sources such as Facebook, Instagram, Reddit, Twitter, YouTube, TikTok, LinkedIn and Tumblr. Now that we have information from all these sources, the options for social engineering are plentiful. Some potential scenarios:

Thanks to Facebook, I see they frequent this particular small business café. You can then send a phishing email, impersonating the owner of their favourite café and offering a discount; all they have to do is click a link.

On TikTok they frequently share information about their health problems, and on LinkedIn they shared their phone number. You can call and pretend you're a health insurance company offering especially lucrative insurance for their specific health problem; all they have to do is go to my fake website and provide their credit card details, and they will get their fake insurance.

On Twitter they shared their excitement about ordering a new tool for their hobby. We've got their number, so let's send them an SMS with a fake tracking link for their parcel. When clicked, it asks them to download the tracking app (a disguised FluBot). After it's downloaded, it'll steal their banking information.

I see on Reddit that they interact a lot in the forum dedicated to a specific field in the entertainment industry. I create a fake profile where I feign a love for said field. I message them, establish trust over time, and after a couple of weeks, I message them that I urgently need money to buy a birthday cake for my grandpa (a real thing that has actually happened to me) and request money in either cryptocurrency or online gift cards.
