An Attacker's View of You

Every piece of information you leave online is a puzzle piece. Here is how an attacker assembles the picture — and how you can take pieces off the board.

All content is fictional. No real reconnaissance is performed.


Follow fictional target “Alex” as an attacker pieces together a profile using only publicly available information.

Step 1

Starting Point

The attacker knows two things: Alex's name and employer. That is enough to start.

Name + Employer → Professional Profile → Email Format → Full Name, Role, Department

Company email naming conventions (firstname.lastname@company.com) are publicly guessable from a single employee's profile.
Professional networking profiles reveal job title, department, reporting hierarchy, and tenure.
Step 2

Email & Breach Discovery

With the email format confirmed, the attacker checks whether Alex's address appears in known data breaches.

Guessed Email → Breach Database Check → Leaked Password Hash → Potential Working Credentials

Breach data often includes password hashes, security questions, phone numbers, and associated accounts.
If Alex reuses passwords, a single breach can unlock multiple accounts across different services.
Step 3

Social Media OSINT

The attacker now searches for Alex across social platforms, piecing together personal context from public posts.

Professional Profile: projects, tools used, certifications
Personal Network: home neighbourhood, local events
Photo Sharing: holiday dates, travel patterns
Combined Intel: spear-phishing pretext built

Professional posts reveal which tools and frameworks Alex's team uses — useful for crafting technical lures.
Holiday photos with timestamps tell the attacker exactly when Alex will be away and distracted.
Step 4

Domain & Infrastructure

The attacker shifts focus to Alex's employer, probing publicly available technical records.

Registration Records: admin contact, registrar, dates
DNS Records: mail servers, TXT records, SPF
Certificate Logs: internal subdomains revealed
Exposed Hosts: staging.company.com, vpn.company.com

Certificate transparency logs are public by design. Any certificate issued for a subdomain is permanently recorded.
Subdomains like “jira.company.com” or “vpn.company.com” reveal internal tooling and entry points.
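As an added example that is not part of this page, here is the defender-side counterpart in Python: parse a certificate transparency search result for your own domain and flag certificate names whose labels disclose internal tooling, so the security team can review whether those hosts need a publicly logged certificate at all. The JSON shape, the company.example names and the label list are constructed assumptions, not real data.

```python
import json

# Constructed sample shaped like a certificate transparency search result:
# one record per certificate, with its subject names newline-separated in
# "name_value". These are invented entries for a fictional domain, not real data.
SAMPLE_CT_JSON = json.dumps([
    {"issuer_name": "C=US, O=Example CA", "not_before": "2024-01-10T00:00:00",
     "name_value": "company.example\nwww.company.example"},
    {"issuer_name": "C=US, O=Example CA", "not_before": "2024-03-02T00:00:00",
     "name_value": "vpn.company.example"},
    {"issuer_name": "C=US, O=Other CA", "not_before": "2024-05-15T00:00:00",
     "name_value": "staging.company.example\n*.dev.company.example"},
    {"issuer_name": "C=US, O=Example CA", "not_before": "2024-06-20T00:00:00",
     "name_value": "JIRA.Company.Example"},
])

# Labels that suggest internal tooling or non-production infrastructure.
# Assumed starting list; tune it to your own organisation's naming.
SENSITIVE_LABELS = {"vpn", "jira", "staging", "stage", "dev", "test", "uat",
                    "admin", "intranet", "git", "ci"}


def extract_hostnames(ct_json, domain):
    """Return the set of unique hostnames at or under `domain` in the CT entries."""
    hosts = set()
    for entry in json.loads(ct_json):
        for name in entry["name_value"].splitlines():
            name = name.strip().lower()          # CT names are case-insensitive
            if name == domain or name.endswith("." + domain):
                hosts.add(name)
    return hosts


def flag_sensitive(hosts, domain):
    """Map each hostname to the labels that disclose internal tooling ([] = nothing flagged)."""
    report = {}
    for host in sorted(hosts):
        # Strip the registered domain, then split the remaining labels,
        # ignoring a leading wildcard marker such as "*.dev".
        prefix = host[: -len(domain)].rstrip(".")
        labels = [lbl for lbl in prefix.split(".") if lbl and lbl != "*"]
        report[host] = [lbl for lbl in labels if lbl in SENSITIVE_LABELS]
    return report


if __name__ == "__main__":
    found = extract_hostnames(SAMPLE_CT_JSON, "company.example")
    for host, hits in flag_sensitive(found, "company.example").items():
        print(f"{host:28s} {'REVIEW: ' + ', '.join(hits) if hits else 'ok'}")
```

Run it against an export of your own domain's CT entries on a schedule; a new flagged name is a signal that someone issued a public certificate for a host the exposure review never saw.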
Step 5

Physical Exposure

Public records and event participation reveal Alex's physical world — home address, conference attendance, and travel habits.

Public Records: home address
Conference Photos: badge showing name, company, role
Social Check-ins: hotel, travel dates, location

Data broker sites aggregate public records, making home addresses searchable by name in seconds.
Conference badge photos shared online expose name, employer, and role to anyone who searches.
Step 6

The Attack Begins

With a complete profile, the attacker launches targeted attacks that feel personal and legitimate.

Attacker's Compiled Profile
  • Full name, role, department, and reporting chain
  • Work email and potentially valid credentials
  • Internal tools and project names
  • Home neighbourhood and travel schedule
  • Manager's name and communication style
Attack 1: Personalised email referencing Alex's current project and a fake shared document from a colleague.
Attack 2: Vishing call citing the manager's name, requesting an “urgent” credentials reset while Alex is travelling.
Attack 3: Fake job offer on a professional platform, exploiting Alex's listed skills and career interests.
Step 7

What You Can Do

Every step in this chain had a point where Alex could have reduced or eliminated the exposure. The decision tree below walks you through each category with specific, actionable remediation.

Reduce Your Footprint

Select the area you want to assess. Each path ends with specific remediation steps ranked by difficulty.
