Risk of burglary, physical harm, cyber attacks or even damage to your reputation: certain data accessible online can be a source of risk. In light of this, having a digital footprint investigation made for yourself provides a complete picture of your personal data accessible online by someone with malicious intent and allows you to obtain personalised recommendations on how to limit the risks.
In recent months, several incidents in France have highlighted the risks associated with personal data being available on the internet. In the latest incident, Marseille-based influencer Soraya Riffy was the victim of a violent burglary at her home. Her lawyer explained in the French newspaper Libération that her attackers “knew exactly who she was” and that, “like many influencers, Soraya Riffy displays a lifestyle on social media that can appear quite luxurious”. This attack echoes a series of kidnapping attempts on figures in the cryptocurrency sector, made possible in part by information about them and their loved ones that is accessible online.
In addition to these physical risks, personal data online poses a cyber risk in that it can help an attacker carry out social engineering attacks, which are on the rise according to a recent report from Palo Alto Networks.
How can this be prevented?
Faced with these risks, one way to protect yourself is to carry out a digital fingerprint investigation to obtain a detailed report of all sensitive personal data available online.
The advantage of a digital fingerprint investigation, beyond listing the information available online, is that it identifies the risks involved and provides ways to remedy them.
At SightSwarm, our reports include several sections:Ainsi, chez SightSwarm, nos rapports comprennent plusieurs volets :
-
An overview of the digital presence, listing all the elements found (contacts, social media accounts, etc.).
⇒ The data collected is detailed and the manner in which we found it is indicated so that the investigation can be reproduced.
-
A report divided by risk type (physical, cyber, reputational, etc.), which is further broken down into the data collected, risk scenarios, and remediation measures.
⇒ Each risk scenario is analysed in detail so that our clients can get a clear picture of the level of risk and the urgency of responding to it.
How is a digital fingerprint produced?
Although there is a common methodology for creating digital fingerprint, each investigation is different and depends on the subject.
For example, in the case of an entrepreneur, a wealth of sensitive information can be found in commercial registers (addresses, telephone numbers, emails, etc.), especially since, in this field, websites specialising in business register data aggregation do not always censor certain highly sensitive data very well. It is therefore sometimes possible to retrieve fully legible scans of ID using a few well-chosen Google Dorks techniques.
The risk scenarios themselves depend on the client: the same data accessible online may pose a proven risk to one person but represent no threat to another.
For the rest, a digital fingerprint investigation is carried out using a ‘marker’ (name, username, telephone number, email address) which allows you to pivot using dedicated services such as Epieos or OSINT Industries, or open source scripts such as Maigret or OSR Framework, in order to uncover social media accounts linked to the subject and their relatives. To extract more data, it is also possible to use other technologies such as facial recognition services.
Once all this information has been collected, all that remains is to analyse its content. In particular, image analysis can be used to uncover a personal address that was not intended to be public and sometimes even documents containing sensitive data that can be read in photos without the owner’s knowledge.
Depending on the level of intensity desired by the client, searches can be conducted on the dark web to uncover any leaks of credentials or other sensitive data.
