Social Media Oversharing
See how attackers exploit your public profiles.
What You'll Learn in Social Media Oversharing
- Identify the specific types of social media posts that expose personal, financial, and organizational information to attackers
- Conduct a personal digital footprint audit across LinkedIn, Facebook, Instagram, and X to assess your current exposure level
- Configure platform-specific privacy settings to limit public visibility of sensitive personal and professional details
- Explain how attackers use OSINT techniques to combine fragmented social media data into targeted spear-phishing campaigns
- Recognize how corporate LinkedIn pages, employee directories, and organizational charts create attack surfaces for whaling and BEC
Social Media Oversharing Training Steps
- Introduction
  It's Monday morning, and Alice starts her day by checking her company email inbox.
- The Company Announcement
  Alice receives an internal company email celebrating Mike Stevens' successful presentation at a recent cybersecurity conference. The email encourages employees to watch the recorded presentation and leave congratulatory comments.
- Clicking the Link
  Alice clicks on the OurTube link from the email.
- Skipping the Presentation
  Alice decides to watch the video later after the workday is over. If she had watched it, she would have learned that during the talk, Mike mentioned that Nexlify Solutions was working on several exciting projects with major clients, though he didn't reveal specific details due to confidentiality agreements.
- Posting a Comment
  Alice scrolls down the page to find the comment section and leave an encouraging comment. While doing so, she accidentally shares internal company information.
- Bob's Video Analysis
  Meanwhile, Bob has also discovered the same OurTube conference video. However, his interest isn't in congratulating Mike - he's analyzing the audio to extract voice samples. Bob uses specialized software to isolate Mike's speech patterns, tone, accent, and vocal characteristics from the 45-minute presentation. Bob collects key phrases and words that Mike uses, noting his Boston accent and professional speaking style. This audio data will become the foundation for creating a convincing AI voice clone.
- The LinkedIn Inspiration
  In her comment on Mike's presentation, Alice mentioned the upcoming SecureTech project - information that should have remained private to the company and not been shared publicly. Feeling inspired to share her own professional achievements, Alice remembers her current project with Sarah for SecureTech Corp. She decides this would be perfect content for a LinkedIn post to showcase her work and celebrate teamwork.
- Creating a Post
  Alice creates a LinkedIn post about her work, inadvertently sharing even more sensitive company information publicly.
- Bob's OSINT Discovery
  Bob's automated monitoring tools alert him to Alice's new LinkedIn post within minutes. He now has valuable intelligence:
  - Alice is the project leader for SecureTech Corp
  - Sarah Johnson is her team member
  - The project involves infrastructure security implementation
  - Alice has a collegial relationship with Mike Stevens
  - The company has ongoing high-profile projects
  Bob cross-references this information with Alice's previous comments, confirming the connections between these employees.
- Exploiting Social Media Intelligence
  Bob leverages all the information Alice unknowingly provided through her social media activity. He can now mention Sarah by name, reference the SecureTech project specifically, and impersonate Mike since Alice clearly knows and respects him. Bob creates a believable urgent scenario based on Alice's public posts and prepares to launch his attack.