Last post was all about controlling your cyber footprint. I fear I got beyond the point and expressed that you need to commit cyber suicide and disappear from the internet forever. While that wouldn’t be the worst thing you could do for your life, it also isn’t what I meant. I touched on OSINT and how important it is for hackers, social engineers, and identity thieves but I don’t think I stressed it enough.
To paint you the picture I’ll use a simple example that I got to experience recently. As a little background, I had an ad on craigslist for computer services. I didn’t get a single hit for about a month. Now, if you’ve never used craigslist, there’s a small window where people will actually find your ad and act on it.
I got an email from a lady claiming to have a very lucrative job opportunity. Essentially, she was out of town for business and had 7 laptops that needed to be wiped/reloaded, a few applications installed, and a security baseline taken. She also told me to name my price and her assistant will write me a check. I thought,”Wow this is the best job offer I’ve ever gotten!”
So, clearly, I email her back telling her I’m interested in the job and give her my price which I calculated to about $2000 based on an hourly wage of $40 (which is somehow cheaper than the low end average).
The next email I got from her was so incredibly generic and had extremely poor grammar. HUGE RED FLAGS! I couldn’t believe it. It was a scam. I’m not sure how she was planning on stealing money from me because I didn’t have to pay for anything, but a scam nonetheless.
How did I confirm it? I actually copy and pasted the entire email into google and it popped up all over the place. I then emailed her back telling her I didn’t want to have any future interactions due to it being a scam. I haven’t heard back.
So where’s the OSINT? This was a response to an advertisement. Open source intelligence. What are you advertising about your personal life?