What is OSINT?
Open source intelligence (OSINT) means any kind of information that can be gathered from publicly available sources. Most common sources include various social media sites, blogs, company news sites and search engine results (e.g. Google).
How can OSINT be used?
OSINT can be used in gathering information for targeting users and organisations for phishing and spear phishing campaigns. OSINT information can be used for customising messaging with organisational information (e.g. logo, relevant news, user information) that make the user more likely to click on the message.
How can I protect myself?
There are some basic steps you can do to make your personal and organisational information less public.
Here are some tips for protecting yourself on social media:
- Make your social media profiles private (not public)
- Reduce the amount of personal information you share on social media
- Do not share pictures of your badge or your workspace
- Reduce the amount of work related information you share on social media, including:
- Images or descriptions of your workplace
- Images or descriptions of your tools (email system, laptops, phone systems)
- Images or descriptions of your team members
All information you share publicly about yourself, your team, or your organisation can be used in targeted attacks against you or your organisation.