Leveraging Social Networks
Attackers can use social applications such as MySpace and Facebook to gain inordinate amounts of information about a company’s employees. Information such as an employee’s hometown, her interests, and even incriminating pictures are available on these sites.
Social applications attempt to prevent unauthorized parties from viewing users’ information. However, social applications and their users benefit from that information being publicly available, making it easier for people to find others who share similar interests without knowing them first. Users of social applications are therefore given an incentive to share as much data as they can; the more data they share, the more they benefit from the social network.
Facebook and MySpace
The popularity of social applications such as Facebook and MySpace has grown exponentially around the world. These applications are driving a phenomenal paradigm shift in how people communicate and collaborate.
From an attacker’s point of view, a wealth of information is available from profiles on social networking websites. An attacker can obtain an amazing amount of information without even having an account on some social networking applications, such as MySpace. Alternatively, an attacker can easily create an account to gain the ability to interact with a targeted individual. For example, an attacker may send friend requests to an employee of a specifically targeted company to gain additional knowledge of the company.