Reading your corporate website
Of course, attackers search outside social networks to collect intelligence on potential victims. Your corporate website may be helping inform future breaches.
"Even if they don't know the avenue of attack, if they generate a lot of intelligence via open-source means, they're likely to target a specific company because they have more knowledge of their employees," Ginty explains.
Many organizations post chats of their leadership, boards of directors, and oftentimes additional staff teams on their websites, adds Harris. If an attacker knows the email pattern for your company -- and they only need one address to do so -- they can easily figure out your executives' contact information and target them with spam.
The more information they can gather on individual leaders, the more credible their attacks can get. "People at specific conferences or public speaking engagements provide an avenue to create social engineering and phishing emails that are more believable to an end user," Ginty says. Business sites are the "low-hanging fruit" of information that can drive successful social engineering attacks.
"We need to do a better job of being smarter, understanding who we're talking to, and how we expose information to the public," says Harris.
(Image: David Arts via Shutterstock)