A Structured Comparison of Social Engineering Intelligence Gathering Tools

  • Conference paper
Trust, Privacy and Security in Digital Business (TrustBus 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10442)

Abstract

Social engineering is the clever manipulation of the human tendency to trust in order to acquire information assets. While the technical security of most critical systems is high, these systems remain vulnerable to attacks from social engineers. Traditional penetration testing approaches often focus on vulnerabilities in network or software systems. Few approaches even consider the exploitation of humans via social engineering. While the number of social engineering attacks and the damage they cause rise every year, the defences against social engineering do not evolve accordingly. However, tools exist for social engineering intelligence gathering, that is, the gathering of information about possible victims that can be used in an attack. We survey these tools and present an overview of their capabilities. We conclude that attackers have a wide range of intelligence gathering tools at their disposal, which increases the likelihood of future attacks and allows even users without technical skills to apply these tools.

The original version of this chapter was revised: modifications have been made to Table 7. For detailed information, please see the Erratum. The Erratum to this publication is available online at https://doi.org/10.1007/978-3-319-64483-7_16

Acknowledgements

This research has been partially supported by the Federal Ministry of Education and Research Germany (BMBF) with project grant number 16KIS0240.

Author information

Correspondence to Kristian Beckers.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Beckers, K., Schosser, D., Pape, S., Schaab, P. (2017). A Structured Comparison of Social Engineering Intelligence Gathering Tools. In: Lopez, J., Fischer-Hübner, S., Lambrinoudakis, C. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2017. Lecture Notes in Computer Science, vol 10442. Springer, Cham. https://doi.org/10.1007/978-3-319-64483-7_15

  • DOI: https://doi.org/10.1007/978-3-319-64483-7_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-64482-0

  • Online ISBN: 978-3-319-64483-7

  • eBook Packages: Computer Science, Computer Science (R0)
