Phishing Scammers Utilize Social Media for Reconnaissance


By Zachary Amos, Features Editor at ReHack

Phishing scammers are increasingly employing sophisticated tactics to deceive unsuspecting victims. Reconnaissance, often shortened to “recon,” is the process of collecting information or data about a specific target or area. 

The primary purpose of recon is to gather information or assess a situation to develop strategies or make informed decisions. Individuals need to be aware of the potential risks associated with social media surveillance and take steps to protect their online privacy and security. 

How Phishing Scammers Exploit Available Information

Phishing scammers are skilled in leveraging the information they can gather from various sources, mainly through social media platforms. A reported 90% of individuals share personal and professional details online. On platforms like LinkedIn, Instagram and Facebook, 55% of users maintain publicly visible accounts.

Here’s how scammers can manipulate this data:

  • Profile information: Scammers often start by examining an individual’s social media profile. They gather personal details like full names, locations and birthdates. This data is the building block for creating convincing phishing messages or impersonating the individual.
  • Friend lists: Scammers may engage in a tactic involving infiltrating the friend list of their target. They can create counterfeit profiles that closely resemble the target’s friends or connections. These profiles give scammers the capability to impersonate individuals who are trusted by the target, bolstering the credibility of their fraudulent schemes.
  • Interests and hobbies: Scammers may employ a systematic approach to analyze the interests, hobbies and daily routines of their targets. This acquired data becomes invaluable for tailoring phishing emails and messages in alignment with the victim’s preferences. 
  • Public posts: Publicly shared information on social media profiles, such as vacation plans, job changes or personal achievements, can be a prime resource for scammers. They employ this data to construct scenarios or messages relevant to the target’s recent activities.
  • Data aggregation: In certain instances, scammers may undertake data aggregation from multiple sources to develop a more comprehensive profile of their targets. This could entail data from social media, publicly available records and information obtained from data breaches.

Types of Phishing

The recent Equifax security breach enabled hackers to access sensitive information like Social Security numbers, driver’s license details, birthdates and personal addresses for 146 million Americans. Other consequences included decreased stock valuations, job losses and tarnished business reputations. 

Phishing is a malicious online activity that takes various forms. Besides social media phishing, here are some other common types of attacks:

  • Email phishing: This is the most widespread form of phishing. Roughly one out of every 2,500 email messages is a phishing scam. Scammers send emails that appear legitimate but contain malicious links or attachments. These emails often impersonate trusted entities such as banks or government agencies.
  • Pharming: Pharming redirects users to fake websites that appear genuine. This can be achieved by manipulating DNS settings or using malware to reroute users to fraudulent websites.
  • Vishing: Vishing, or voice phishing, involves phone calls where scammers impersonate legitimate entities — often with a sense of urgency — to extract personal or financial information over the phone.
  • Whaling: Whaling targets high-profile individuals or executives within an organization. Scammers pose as CEOs or top-level executives to trick employees into taking specific actions such as transferring funds or disclosing sensitive data. 

Social Media Best Practices

Social media platforms have become a haven for phishing scammers due to the vast information available. People often overshare on social media, unwittingly providing scammers with valuable data.

When using social media, individuals should follow best practices so they do not become easy targets for phishing reconnaissance. Individuals should review and adjust their social media privacy settings periodically. 

They should limit the amount of personal information visible to the public or connections. Restricting access makes it more difficult for scammers to gather information. Before accepting friend requests or connections, individuals should take the time to verify the person’s identity, especially if they don’t know them personally.

Ensure social media accounts have strong and unique passwords. Avoid using the same password across multiple platforms. Consider using a password manager to keep track of complex passwords.

It’s also recommended to implement two-factor authentication wherever possible. This adds an extra layer of security to accounts, making it more challenging for unauthorized individuals to gain access.

If individuals encounter suspicious accounts or messages, they should report them to the social media platform. The platform can take action to investigate and potentially remove malicious content. 

Staying Safe in the Digital World

In an age where personal information is readily available online, it’s vital to understand how phishing scammers utilize social media for reconnaissance. Remember, the best defense is a well-informed and cautious user. Stay safe in the digital realm.


As the Features Editor at ReHack, Zac Amos writes about cybersecurity, artificial intelligence, and other tech topics. He is a frequent contributor to Brilliance Security Magazine.