SANS OUCH! for January: Search Yourself Online
You most likely have heard how important it is to protect your privacy and the information you share online. To demonstrate this, we are going to try something new; we are going to show you how to research yourself and discover what information is publicly known about you. The process is called OSINT, a fancy way of saying Open Source Intelligence. This means researching public resources online to see how much information you can learn about a computer IP address, a company, or even a person like yourself. Keep in mind, cyber attackers are using these very same tools and techniques. The more attackers can learn about you, the better they can create a targeted attack. This concept has existed for years, but the latest online tools make it so much simpler to accomplish.
How to Find Information
You will not find all the information on a single website. Instead you start with one website, learn some details, then use those details to search on and learn from other sites. Then you combine and compare results to create a profile or dossier of your subject. A good place to start is with search engines such as Google, Bing, or DuckDuckGo. Each of these have indexed different information about you, so start your search with more than one search engine. Start by typing your name in quotes, but after that expand your search based on what are called operators. Operators are special symbols or text you add to your search that better define what you are looking for. This is especially important if you have a common name; you may have to add more information such as your email address or the town you live in. Learn more about operators and advanced search techniques in the Resources section at the end. Examples include:
- “FirstName LastName” > What information can I find online about this person
- “Firstname Lastname@” > Find possible email addresses associated with this person
- “Firstname lastname” filetype:doc > Any word documents that contain this person’s name
There are also sites dedicated to learning about people. Try one of these sites to see what is publicly known about you. Keep in mind these sites are not always accurate or may be country specific. You may have to search several sites to verify the information you find.
(Note that these sites charge in order to see the results.)
How to Find Information
1. Learn what other people or organizations have collected, posted, or shared about you online (churches, schools, sports clubs, or other local community sites).
2. Understand that these same resources are available to anyone else, including cyber criminals who can use that information to target you. Be suspicious. For example, if you get an urgent phone call from someone claiming to be your bank, just because they know some basic information about you does not prove it is your bank. Instead, politely hang up, then call your bank back on a known, trusted number to confirm it is them. It is the same with email, just because an email has some known facts about you does not mean it is legitimate.
3. Consider what you share publicly and the impact that information could have on you, your family, or your employer.
View and download this and earlier OUCH! articles from