We asked a White-Hat hacker about cyberstalking techniques. This will be a series of articles explaining different methods and scenarios – to reveal how dangerous sharing information online can be. Read our interview with the hacker HERE and HERE.
Cyberstalking Scenario, Part I
Let’s say you meet someone on a dating app (Tinder, OKCupid, etc.). After chatting for a while, you decide to move to Facebook, where you use your real name and surname. So if your match turns out to be a stalker, he or she now has your name.
You think, “Well, I don’t post anything personal on Facebook, and there are only a few pictures of me there. Most of the information is hidden, too”, right? Wrong!
So what can a hacker do with your name and surname?
Phase I: Stalker Gathers Information on His Victim
Tools: Maltego, a data mining tool used for open-source intelligence and forensics
Your stalker can simply enter the name and surname into Maltego and see what contact information about the victim is available online: which email addresses and which domains are registered to a person of the same name.
Then, the stalker will check whether the domain is legitimate and whether any of the accounts found are valid.
We entered Elon Musk (for the sake of entertainment). Note: Since we inquired about a famous person, we got tons of false positives because people use Elon’s name to create fake profiles.
In this scenario, the stalker doesn’t know where the victim is employed. Here is what he or she can do using Maltego:
- Check which other people are registered to that domain and look up their email addresses
- Research these people: what is their status in the company, what additional information is available
Phase II: Scammy Emails
Tools: DIY email tool
When stalkers find the names of their victims’ colleagues, they can craft a scam email. It looks just like a real one, with only a few ‘red flags’ to notice.
Anything can be written in the email. It’s just a matter of one’s imagination. It also depends on whether the stalker wants to scam you or to sabotage your life by sending fake emails to your employer and family.
An example of the latter: a young woman’s stalker, whom she met on Instagram, sent fake emails to her workplaces claiming she was a prostitute or a drug dealer.
But if the stalker wants to scam you, he will act according to a different scenario.
Imagine you receive an email from your direct manager or your human resources department asking you to click a link and fill out a form as soon as possible.
Again, for the sake of entertainment we used Elon Musk:
Phase III: Scam
The link can either lead to malware or open a fraudulent form asking you to enter personal information or even sensitive credentials.
“I recently audited one company [I can’t disclose its name], where I basically created a fake login form to their content editing system. I sent an email saying that the system was updated and everybody needed to log in. 20% of people did – I had all of the credentials I needed to hack into the real system. On average, 20% of employees fall victim to such scammy emails,” explains the hacker.
Is There Anything You Can Do?
The worst part is that you may never know it was him or her who did it. Unknowingly, you may continue communicating with the stalker, over time revealing more and more of your personal information that he or she can also abuse.
There are a few rules you should always consider:
- Be cautious. Not everyone has good intentions
- Don’t share your personal details with random strangers. The more info you provide, the higher the chances of being hacked or stalked
- Take your time. If you feel like you’re being pressured to do something, chances are it will not end well
- Do a background check. Examine your match’s profile, run a thorough search
- Don’t click on links. If your potential date sends you a link, don’t rush to click it, because the link may be infected
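The ‘red flags’ of a scam email like the one described in Phase II can be checked mechanically before anyone clicks a link. The Python sketch below is an added example, not part of the original article or the interview; the sample message, its domains, the four checks chosen and the list of pressure phrases are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every name, address and domain is a placeholder.
SAMPLE = """\
From: "Human Resources" <hr@example.com>
Reply-To: forms@example.net
Subject: Action required: fill out this form as soon as possible
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com
Content-Type: text/html; charset="utf-8"

<p>Please log in and complete the form today:
<a href="http://forms.example.net/login">https://intranet.example.com/forms</a></p>
"""

# Assumed pressure phrases; tune the list for your own mail.
URGENCY = re.compile(r"as soon as possible|urgent|immediately|action required", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain_of(header):
    """Return the lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def red_flags(raw):
    """Return the list of warning signs found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = []
    # 1. Replies would go to a different domain than the apparent sender.
    reply = domain_of(msg["Reply-To"])
    if reply and reply != domain_of(msg["From"]):
        flags.append("reply-to-mismatch")
    # 2. The receiving server recorded a failed sender-authentication check.
    auth = (msg["Authentication-Results"] or "").lower()
    if re.search(r"\b(spf|dkim|dmarc)=(fail|softfail)\b", auth):
        flags.append("auth-fail")
    # 3. A link displays one host but points to another.
    body = "".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_type() == "text/html")
    for href, text in LINK.findall(body):
        shown, actual = urlparse(text.strip()).hostname, urlparse(href).hostname
        if shown and actual and shown != actual:
            flags.append("link-text-mismatch")
            break
    # 4. The subject pressures the reader to act quickly.
    if URGENCY.search(msg["Subject"] or ""):
        flags.append("urgency")
    return flags
```

An empty result does not prove a message is genuine; any flag is a reason to confirm the request with the supposed sender through a separate channel.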
This is the first article from the series about cyberstalking techniques