Your Information Is Out There — And That’s the Problem
We often think of cyberattacks as technical — complex code, encrypted malware, or stealthy backdoor exploits. But in reality, many successful attacks start with something far simpler: publicly available information.
This is the world of OSINT (Open Source Intelligence) and SOCMINT (Social Media Intelligence). And it’s where attackers do their homework — gathering details you’ve unknowingly shared online to craft personalised, convincing, and devastatingly effective attacks.
Whether you’re a business owner, an employee, or just an everyday internet user, understanding how attackers use OSINT and SOCMINT is the first step to protecting yourself.
What Is OSINT? (And Why It’s So Dangerous in the Wrong Hands)
OSINT — Open Source Intelligence — is the practice of collecting publicly available information to build insight about a person or organisation. It doesn’t involve hacking or breaching defences. It uses the information you’ve already put out into the world — or that others have published about you.
So where can this data come from? The list is longer than most people realise.
An attacker might begin on your company website, where they’ll find leadership bios, client logos, case studies, and often a breakdown of the technology stack or strategic partnerships. Job advertisements on recruitment platforms can reveal the tools your team uses internally, which departments are expanding, and which systems might be under strain. Press releases and blog posts sometimes disclose project details, software implementations, or office moves.
Then there’s LinkedIn — a goldmine for OSINT. A quick search reveals who works where, what their role is, when they joined, and often what projects they’ve worked on. Combine that with personal blogs, podcasts, online forums, and academic or industry presentations, and an attacker can build a scarily accurate picture of who you are, what systems you use, and where vulnerabilities might lie.
They can even dig into domain registration details (like WHOIS records) to find out who owns a website, what email addresses are associated with it, and when it was registered. In some cases, they’ll check for past data leaks on the dark web — seeing whether company credentials have already been exposed.
What makes OSINT so dangerous isn’t just how much can be found — it’s how easily it can be pieced together into a narrative. For attackers, this is the research phase. And when done well, it gives them everything they need to craft a highly convincing email, impersonate a colleague, or time their attack for maximum impact. For example, an attacker who sees from a job listing that your organisation uses a specific invoicing platform could spoof a support message from that provider. If they also know the name of your finance manager and their reporting line, they might impersonate that manager, referencing a recent press release or blog post for credibility. If they’ve found an old data leak on the dark web with reused credentials, they may even be able to access internal tools directly. OSINT allows them to choose the most effective method — whether phishing, impersonation, or credential stuffing — based on the real-world information you’ve made available.
While OSINT is frequently used by security professionals to defend systems and spot weaknesses, it’s also a powerful tool for attackers. They use it to piece together who works where, what technologies are in place, who your suppliers are, and where the weakest links might lie. In short: it’s the reconnaissance phase — and it’s frighteningly easy.
SOCMINT: Your Social Media Is Their Toolkit
Oversharing in Plain Sight
We don’t always realise how much we share online — or how much of it is useful to an attacker. That includes not just work updates and holiday snaps, but also the types of personal details that often end up in passwords: pet names, favourite sports teams, birthdays, anniversaries, and other milestones. It’s all there, scattered across posts, profile bios, comments, and even photos.
Attackers look for this kind of information because they know how common it is for people to use personal references in their passwords or security questions. If your dog’s name is in your Instagram bio, your anniversary is tagged in a Facebook post, and your child’s name is mentioned in a birthday message, a persistent attacker already has a short list of likely password components. Even partial clues — like the name of your first school or your mother’s maiden name — can be uncovered with a little digging across multiple platforms. For example, it’s surprisingly common to see women list both their current and maiden names in their social profiles — often in parentheses, like Jane Smith (Doe). This well-meaning choice, meant to help old friends find them, also hands attackers one of the most frequently used identity verification answers on a silver platter. Pair that with tagged family connections — like linking to now-adult children — and it becomes trivial for someone to build a detailed profile that bypasses account security questions.
Feeding the Narrative
Because every detail adds to a bigger picture. A birthday post reveals your date of birth. A tagged photo at your child’s school shows your location. A job update confirms a promotion or access to more sensitive systems. Attackers use this patchwork of casual, everyday content to build context and trust. If they know who you’re connected to, what tools your company uses, when you’re on holiday, or what tone your team uses to communicate, they can exploit that to craft incredibly convincing social engineering attacks.
Weaponising Familiarity
They use this information to mimic your voice, reference real-life details, and time their messages perfectly — whether it’s a fake invoice while you’re away, or a phishing email that sounds exactly like a colleague. It’s not the technology that makes these attacks effective. It’s the psychological familiarity that comes from knowing just enough to slip past your instincts. It’s not the technology that makes these attacks effective. It’s the psychological familiarity that comes from knowing just enough to slip past your instincts.
The Trap of ‘Fun’ Online Games
One of the most dangerously effective examples of this is the rise of so-called ‘harmless games’ on social media — posts that encourage users to share fun facts like their ‘rockstar name’ (based on the colour of their shirt and their first pet’s name), or their ‘spy name’ (using your childhood street and your first holiday destination). It seems like a bit of fun, but attackers use these exact questions for password guessing and identity theft. They’re often the same prompts banks, websites, and recovery systems use to verify your identity. Every time someone shares answers publicly, they’re unintentionally feeding those details straight to anyone watching — especially those who know how to weaponise them.
How Attackers Use OSINT and SOCMINT to Build Their Attacks
When attackers want to breach an organisation, they don’t always start with code — they start with clues. OSINT and SOCMINT give them a way to study their target without ever triggering an alert.
They begin by identifying key roles through LinkedIn, staff pages, or published interviews. They track organisational structure, tech stack, supplier relationships, and typical communication style. From there, they monitor social media: when someone goes on holiday, who comments on what, and how individuals describe their work and routines.
The real advantage isn’t the data alone — it’s the context. They might see your company’s head of finance posted about attending a sustainability conference in Berlin. A few days later, a “follow-up invoice” arrives in their inbox from a known supplier — with the correct branding and internal tone. Except it’s a spoof. The attacker knew who to impersonate, when to send it, and what language to use — all from OSINT and SOCMINT.
The better the research, the more believable the attack. And once an attacker is inside, they often use that same intelligence to deepen their access, compromise other accounts, or move laterally through systems — all while blending in with normal activity.
These attacks aren’t random. They are custom-built for the target. And they succeed because the groundwork has already been done.
Real-World Example: Breach Through the Backdoor
Let’s take a multi-stage scenario that goes beyond a simple phishing email.
An attacker is researching a growing design agency that works with several large retail brands. On the agency’s website, they find a list of recent clients and case studies. They also see a “Meet the Team” section that includes names, roles, bios, and social handles.
They start with LinkedIn, focusing on the Business Development Manager and the Lead Designer. From their posts, the attacker learns that the Lead Designer is currently working on a new e-commerce launch for a well-known brand — and from Instagram, they discover the exact product name and the anticipated release date. The Business Development Manager has recently posted about onboarding a new project management platform and has shared a screenshot with a partially visible interface.
The attacker builds a spoofed login page replicating that same project tool. Using OSINT, they create a tailored phishing message referencing the product launch timeline and request the Lead Designer “review last-minute assets from the client.” It arrives late on a Friday, just before the team logs off.
The designer clicks and unknowingly enters credentials into the fake portal. The attacker now has access to internal communications, timelines, and third-party file shares. But they don’t stop there.
With internal information in hand, the attacker targets the agency’s client — a retail brand worth millions. They craft an internal-looking email from the agency, complete with shared artwork, branding, and delivery dates. The client opens it, clicks a link — and a remote access trojan is deployed.
Now, the attacker has bridged two organisations using nothing more than open data and a few well-placed messages. It’s not just about stealing logins — it’s about using intelligence to infiltrate the supply chain and exploit trust at every level.
This kind of attack shows how layered OSINT and SOCMINT can be when used strategically. It didn’t require hacking firewalls or exploiting software. It relied on what was already out there — and what no one thought to hide.
How to Protect Yourself and Your Business
The first step is awareness. Most people don’t realise how much information about them is available online — or how attackers use it.
Take time to audit your digital footprint. Google yourself, your team, and your business. Review what comes up in search results, what’s public on your social profiles, and what company information might be giving away more than intended.
Encourage everyone in your organisation to be more intentional about what they share online. Travel updates, new tool announcements, even holiday snaps can offer valuable timing cues for attackers. A culture of cautious posting goes a long way.
Training is key. When your team understands how attackers gather and use information, they’re more likely to spot red flags — and less likely to dismiss those gut feelings. Combine this with strong internal processes: verification steps for financial requests, privacy reviews on social media, and a clear protocol for handling suspicious messages.
Work with cybersecurity professionals to conduct ethical OSINT tests on your business. You might be surprised by what’s out there — and relieved to know how to fix it.
What You Share Can Be Used Against You
From job ads and blog posts to profile bios and birthday wishes — attackers are constantly scanning what we put online, and they’re using it to build smarter, more targeted attacks. OSINT and SOCMINT don’t require hacking tools or elite coding skills. They rely on human behaviour: what we say, what we share, and what we overlook.
Throughout this blog, we’ve shown how seemingly harmless information — a pet’s name, a holiday snap, a job title — can be turned into the perfect attack strategy. These threats aren’t theoretical. They’re happening right now, and they work because they’re tailored, believable, and timed to exploit trust.
This isn’t about scaring people into silence. It’s about helping teams and individuals think more critically about what they share and how that data can be used. Cybersecurity isn’t just about firewalls and passwords — it’s about people, psychology, and awareness.
At Cyber Rebels, we specialise in helping organisations understand how attackers think. Through live, practical training and real-world digital footprint assessments, we give your team the tools to spot threats before they land. Because the best way to stop an attacker using your own information against you — is to understand what they see in the first place.
Ready to take control of your online exposure? Let’s talk.
Director of Training and Development, Cyber Rebels.
Andy Longhurst is the founder of Cyber Rebels and a cybersecurity practitioner and educator focused on how risk actually shows up in real organisations. His work sits at the intersection of digital safety, education, and practical risk management — helping teams understand not just what policies say, but what happens in the moments where decisions are made under pressure.
With a background spanning adult education, web development, and technical consultancy, Andy specialises in translating complex security concepts into clear, usable understanding. Rather than focusing solely on tools or compliance frameworks, his approach centres on human behaviour, judgement, and the systems that shape everyday choices.
He delivers live, interactive cyber awareness training for organisations of all sizes, from small businesses and education providers to public-sector teams and larger organisations operating in complex risk environments.
Outside of delivery, Andy spends his time analysing emerging attack patterns, refining training design, and exploring how organisations can build resilience that holds up in the real world — usually with a strategically sized cup of tea close to hand.
