Attackers usually attempt to create a fake profile and establish communication with people. They pretend to be someone else while trying to trick a victim into revealing sensitive details about themselves. Additionally, there are many cases where a person's account is compromised and the attackers use the compromised account to communicate with the people in the victim's friend/connection list.

Attacks often use compromised social networking user accounts to create a very large network of friends/connections to gather information and sensitive details.

The following are some methods that are used to lure the employees of a target organization:

• Creating a fake user group
• Using a false identity by using the names of employees from the target organization
• Getting a user to join a fake user group and then asking them to provide credentials such as their date of birth, and their spouse's name

Social networking sites such as Facebook and LinkedIn are huge repositories of information that are accessible to many people. It's important for a user to always be aware of the information they are revealing because of the risk of information exploitation. By using the information that's been found on social networking sites, such as posts that have been made by the employees of organizations, attackers can perform targeted social engineering attacks on the target organization.

In the next section, we will cover phone-based social engineering attacks.