Email attacks are the cheapest attacks to pull off against executives. They have the potential to be very efficient and can have a high success rate if the email is from a member of the executive’s trusted circle.

Earlier in the chapter, we demonstrated ways to identify members of an executive’s corporate circle using network analysis and by harvesting social networking sites. In this attack scenario, we will be using public websites to identify a member who could be in the victim’s trusted circle.

Let’s use O’Reilly Media as our target. Assuming the attacker didn’t know the CEO of O’Reilly Media, he could use a social networking site, such as LinkedIn, to identify potential victims.

Identifying the executive to attack

Using “O’Reilly” as the company search term and “CEO” as the title search term returns 34 results. We quickly identify the profile for Tim O’Reilly, CEO of O’Reilly Media, as shown in Figure 9-9.

Figure 9-9. Tim O’Reilly’s LinkedIn profile

Unfortunately for the attacker, Tim has more than 500 connections, so LinkedIn is not going to help the attacker identify potential members of Tim’s trusted circle. The attacker will have to use another ...