Social Media Oversharing
Learn how seemingly harmless social media interactions can inadvertently provide attackers with crucial intelligence needed to craft highly targeted and convincing social engineering attacks against organizations.
What You'll Learn
- Understand how Open Source Intelligence (OSINT) gathering works and its role in targeted attacks
- Recognize how public comments and posts can reveal sensitive organizational information
- Learn to identify what types of professional information should remain confidential
- Understand how attackers combine multiple public data sources to build detailed attack profiles
- Develop awareness of AI voice cloning technology and how public recordings enable it
- Master appropriate social media boundaries for sharing work-related information
Training Steps
- Introduction
Alice works at Nexlify Solutions and is currently leading a high-profile project for SecureTech Corp. It's Monday morning, and Alice starts her day by checking her company email inbox. Meanwhile, hacker Bob has been researching Nexlify Solutions and their employees through various public sources, looking for information he can exploit for his upcoming attack.
- The Company Announcement
Alice receives an internal company email celebrating Mike Stevens' successful presentation at a recent cybersecurity conference. The email encourages employees to watch the recorded presentation and leave congratulatory comments.
- Clicking the Link
Alice clicks on the OurTube link from the email.
- Skipping the Presentation
Alice decides to watch the video later after the workday is over. If she had watched it, she would have learned that during the talk, Mike mentions that Nexlify Solutions is working on several exciting projects with major clients, though he doesn't reveal specific details due to confidentiality agreements.
- Posting a Comment
Alice scrolls down the page to find the comment section and leave an encouraging comment. While doing so, she accidentally shares internal company information.
- Bob's Video Analysis
Meanwhile, Bob has also discovered the same OurTube conference video. However, his interest isn't in congratulating Mike - he's analyzing the audio to extract voice samples. Bob uses specialized software to isolate Mike's speech patterns, tone, accent, and vocal characteristics from the 45-minute presentation. Bob collects key phrases and words that Mike uses, noting his Boston accent and professional speaking style. This audio data will become the foundation for creating a convincing AI voice clone.
- The LinkedIn Inspiration
In her comment on Mike's presentation, Alice mentioned the upcoming SecureTech project - information that should have remained private to the company and not been shared publicly. Feeling inspired to share her own professional achievements, Alice remembers her current project with Sarah for SecureTech Corp. She decides this would be perfect content for a LinkedIn post to showcase her work and celebrate teamwork.
- Creating a Post
Alice creates a LinkedIn post about her work, inadvertently sharing even more sensitive company information publicly.
- Bob's OSINT Discovery
Bob's automated monitoring tools alert him to Alice's new LinkedIn post within minutes. He now has valuable intelligence:
  - Alice is the project leader for SecureTech Corp
  - Sarah Johnson is her team member
  - The project involves infrastructure security implementation
  - Alice has a collegial relationship with Mike Stevens
  - The company has ongoing high-profile projects
Bob cross-references this information with Alice's previous comments, confirming the connections between these employees.
- Exploiting Social Media Intelligence
Bob leverages all the information Alice unknowingly provided through her social media activity. He can now mention Sarah by name, reference the SecureTech project specifically, and impersonate Mike since Alice clearly knows and respects him. Bob creates a believable urgent scenario based on Alice's public posts and prepares to launch his attack.
Knowledge Check Questions
This training includes a 6-question quiz to test your understanding of Social Media Security threats and defenses.
- What is OSINT (Open Source Intelligence) in the context of social engineering attacks?
- Which of Alice's social media activities provided valuable intelligence to the attacker? (Select all that apply)
- How did Bob obtain Mike's voice samples for AI voice cloning?
- What specific information about the SecureTech project did Alice accidentally reveal? (Select all that apply)
- What are the key lessons from Alice's social media mistakes? (Select all that apply)