A phishing attack against your employees is usually preceded by a short phase of reconnaissance of the targets. In targeted spear phishing attacks, fraudsters often take data from employees’ social media profiles. There are also email lists offered in hacker forums, and lastly, there are a number of hacking tools that search the Internet and Dark Web for information on the targets.
Higher-ranking CEOs & C-suite executives are usually more exposed to the public (their profile can often be found on the organization’s website), making them easier targets. For all other departments and employee types, it is difficult to assess the steps an attacker has to take to gather the information they need to reach their target. Only if you venture to perform the same information gathering as the hacker, can you assess the risk of your employees getting exposed to phishing attacks. The greater an employee’s exposure on the Internet or Dark Web, the higher the likelihood of them becoming a victim of a social engineering attack, like phishing. Employees who register with their names and business email accounts on private websites put the whole organization at risk as this gives the hacker a bigger attack surface.
In Kaduu, we measure each employee’s exposure on the Internet and note where indications of activities related to the specific email account can be found. We try to find the employee’s email address on the Internet, Deep Web or Dark Net and list the according email references from the websites where we found the account. We then try to investigate how often the email is referenced in different unique sources. The more sources, the bigger the exposure.
Everything that helps you reduce your attack surface can also limit future breaches. If you find any employee’s business email account on private websites, you will be able to create targeted user awareness training that helps them understand the consequences of such an exposure.
We have two type of searches:
In both cases you need to enter the company domain with the syntax "domain.com". Please use the TLD used for your email accounts.