A security researcher decided to see how hard it would be to create a targeted phishing attack on a total stranger. He went to Facebook and found a guy he did not know personally and found a wealth of information, including:
If the security researcher was a bad guy trying to get access to this victim’s corporate login credentials, he could easily create an email with the subject line “Problem with your credit card charge at Tapley’s Pub” — a subject line that would make him open the email given his recent visit there.
Next, in the email, the bad guy could write a short, believable message about a problem in running his credit card and provide a link asking him to verify the charge. That link could be to a site that would automatically download a keystroke logger to his computer, and GAME OVER.
The bad guy can now capture every keystroke of the victim from then on, which would include login credentials and other confidential information.
The moral of this story: do not share all kinds of personal information on social media. This is true from the mail room up to the board room. Shared personal information can come back to you and bite hard.
Think Before You Share.