惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

有赞技术团队
有赞技术团队
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
P
Palo Alto Networks Blog
C
Cisco Blogs
The Hacker News
The Hacker News
T
Threatpost
S
Schneier on Security
K
Kaspersky official blog
Spread Privacy
Spread Privacy
博客园_首页
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
NISL@THU
NISL@THU
量子位
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Google DeepMind News
Google DeepMind News
Security Latest
Security Latest
博客园 - 司徒正美
云风的 BLOG
云风的 BLOG
博客园 - 叶小钗
H
Hackread – Cybersecurity News, Data Breaches, AI and More
N
News and Events Feed by Topic
爱范儿
爱范儿
P
Proofpoint News Feed
C
CERT Recently Published Vulnerability Notes
Project Zero
Project Zero
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Cisco Talos Blog
Cisco Talos Blog
GbyAI
GbyAI
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Apple Machine Learning Research
Apple Machine Learning Research
T
Tenable Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
V
Vulnerabilities – Threatpost
Forbes - Security
Forbes - Security
博客园 - 三生石上(FineUI控件)
C
Cyber Attacks, Cyber Crime and Cyber Security
N
News and Events Feed by Topic
V
V2EX
Webroot Blog
Webroot Blog
The Register - Security
The Register - Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
阮一峰的网络日志
阮一峰的网络日志
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Blog — PlanetScale
Blog — PlanetScale
M
MIT News - Artificial intelligence
Scott Helme
Scott Helme
Simon Willison's Weblog
Simon Willison's Weblog
L
LangChain Blog
W
WeLiveSecurity
Cloudbric
Cloudbric

WeLiveSecurity

Supply chain dependencies: Have you checked your blind spot? Recovery scammers hit you when you’re down: Here’s how to avoid a ‘second strike’ As breakout time accelerates, prevention-first cybersecurity takes center stage Digital assets after death: Managing risks to your loved one’s digital estate This month in security with Tony Anscombe – March 2026 edition RSAC 2026 wrap-up – Week in security with Tony Anscombe A cunning predator: How Silver Fox preys on Japanese firms this tax season Virtual machines, virtually everywhere – but not all protected Cloud workload security: Mind the gaps Move fast and save things: A quick guide to recovering a hacked account EDR killers explained: Beyond the drivers Face value: What it takes to fool facial recognition Cyber fallout from the Iran war: What to have on your radar Sednit reloaded: Back in the trenches What cybersecurity actually does for your business How SMBs use threat research and MDR to build a defensive edge Protecting education: How MDR can tip the balance in favor of schools This month in security with Tony Anscombe – February 2026 edition Mobile app permissions (still) matter more than you may think Faking it on the phone: How to tell if a voice call is AI or not PromptSpy ushers in the era of Android threats using GenAI Is Poshmark safe? How to buy and sell without getting scammed Is it OK to let your children post selfies online? Naming and shaming: How ransomware groups tighten the screws on victims Taxing times: Top IRS scams to look out for in 2026 OfferUp scammers are out in force: Here’s what you should know A slippery slope: Beware of Winter Olympics scams and other cyberthreats This month in security with Tony Anscombe – January 2026 edition DynoWiper update: Technical analysis and attribution Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan Drowning in spam or scam emails lately? Here’s why ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025 Children and chatbots: What parents should know Common Apple Pay scams, and how to stay safe Old habits die hard: 2025’s most common passwords were as predictable as ever Why LinkedIn is a hunting ground for threat actors – and how to protect yourself Is it time for internet services to adopt identity verification? Your information is on the dark web. What happens next? Credential stuffing: What it is and how to protect yourself This month in security with Tony Anscombe – December 2025 edition A brush with online fraud: What are brushing scams and how do I stay safe? Revisiting CVE‑2025‑50165: A critical flaw in Windows Imaging Component LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan ESET Threat Report H2 2025 Black Hat Europe 2025: Was that device designed to be on the internet at all? Black Hat Europe 2025: Reputation is currency – even in the ransomware economy Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece The biggest catch: How whaling attacks target top executives Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture MuddyWater: Snakes by the riverbank This month in security with Tony Anscombe – November 2025 edition What parents should know to protect their children from doxxing Influencers in the crosshairs: How cybercriminals are targeting content creators MDR is the answer – now, what’s the question? The OSINT playbook: Find your weak spots before attackers do PlushDaemon compromises network devices for adversary-in-the-middle attacks What if your romantic AI chatbot can’t keep a secret? Can password managers get hacked? Here’s what to know Why shadow AI could be your biggest security blind spot In memoriam: David Harley The who, where, and how of APT attacks in Q2 2025–Q3 2025 ESET APT Activity Report Q2 2025–Q3 2025 Sharing is scaring: The WhatsApp screen-sharing scam you didn’t see coming How social engineering really works | Unlocked 403 cybersecurity podcast (S2E6) Ground zero: 5 things to do after discovering a cyberattack This month in security with Tony Anscombe – October 2025 edition Fraud prevention: How to help older family members avoid scams Cybersecurity Awareness Month 2025: When seeing isn't believing Recruitment red flags: Can you spot a spy posing as a job seeker? How MDR can give MSPs the edge in a competitive market Cybersecurity Awareness Month 2025: Cyber risk thrives in the shadows Gotta fly: Lazarus targets the UAV sector SnakeStealer: How it preys on personal data – and how to stay safe Cybersecurity Awareness Month 2025: Building resilience against ransomware Minecraft mods: When ‘hacking’ your game becomes a security risk IT service desks: The security blind spot that may put your business at risk Cybersecurity Awareness Month 2025: Why software patching matters more than ever AI-aided malvertising: How chatbots can help spread scams How Uber seems to know where you are – even with restricted location permissions Cybersecurity Awareness Month 2025: Passwords alone are not enough The case for cybersecurity: Why successful businesses are built on protection Beware of threats lurking in booby-trapped PDF files Manufacturing under fire: Strengthening cyber-defenses amid surging threats New spyware campaigns target privacy-conscious Android users in the UAE Cybersecurity Awareness Month 2025: Knowledge is power This month in security with Tony Anscombe – September 2025 edition Roblox executors: It’s all fun and games until someone gets hacked DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception Watch out for SVG files booby-trapped with malware Gamaredon X Turla collab Small business, big risk: How SMBs can fight back against ransomware HybridPetya: A Petya/NotPetya copycat comes with a twist Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass Are cybercriminals hacking your systems – or just logging in? Preventing business disruption and building cyber-resilience with MDR Under lock and key: Safeguarding business data with encryption GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes This month in security with Tony Anscombe – August 2025 edition Don’t let “back to school” become “back to bullying”
Oversharing is not caring: What’s at stake if your employees post too much online
Phil Muncaster · 2025-12-01 · via WeLiveSecurity

Social Media

From LinkedIn to X, GitHub to Instagram, there are plenty of opportunities to share work-related information. But posting could also get your company into trouble.

01 Dec 2025  •  , 5 min. read

Oversharing is not caring: What’s at stake if your employees post too much online

Employee advocacy has been around as a concept for over a decade. But what started out as a well-intentioned way to enhance corporate profile, thought leadership and marketing, also has some unintended consequences. When professionals post about their work, their company and their role, they’re hoping to reach likeminded professionals, as well as prospects and partners. But threat actors are also paying attention.

Once that information is in the public domain, it is often used to help build convincing spearphishing or business email compromise (BEC)-style attacks. The more information, the more opportunity for nefarious activity that could end up hitting your organization hard.

Where are your employees sharing?

The main platforms for sharing such information are the usual suspects. LinkedIn is perhaps the most obvious. It could feasibly be described as the largest open database of corporate information in the world: a veritable treasure trove of job titles, roles, responsibilities and internal relationships. It’s also where recruiters post job listings, which may overshare technical details that can be leveraged later on in spearphishing attacks.

GitHub is perhaps better known in a cybersecurity context as a place where absent-minded developers post hardcoded secrets, IP and customer details. But they might also share more innocuous information about project names, CI/CD pipeline names and information on what tech stacks and open source libraries they’re using. They might also share corporate email addresses in Git commit configurations.

Then there are the classic consumer-facing social platforms like Instagram and X. This is where employees are likely to share details on their travel plans to conferences, and other events which could be weaponized against them and their organization. Even information on your company website could be useful to a would-be fraudster or hacker. Think: details on technical platforms, vendors and partners, or major corporate announcements such as M&A activity. It could all provide a pretext for sophisticated phishing.

RELATED READING: Is your LinkedIn profile revealing too much?

Weaponizing information

The first stage of a typical social engineering attack is intelligence gathering. The next is weaponizing that intelligence in a spearphishing attack designed to trick the recipient into unwittingly installing malware to their device. Or potentially to sharing their corporate credentials for initial access. This could be achieved via an email, text or even a phone call. Alternatively, they might use information to impersonate a C-level executive or supplier in an email, phone or video call requesting an urgent wire transfer.

These efforts usually require a blend of impersonation, urgency and relevance. Here are some hypothetical examples:

  • An adversary finds LinkedIn information on a new starter in an IT role at company A, including their core role and responsibilities. They impersonate a key tech vendor claiming that an urgent security update is required, referencing the target’s name, contact details and role. The update link is malicious.
  • A threat actor finds information on two colleagues in GitHub, including the project they’re working on. They impersonate one in an email asking the other to review an attached document, which is booby-trapped with malware.
  • A fraudster finds a video of an executive on LinkedIn, or a corporate website. They see on that target’s Instagram/X feed that they’re going to be presenting at a conference and will be away from the office. Knowing that the exec may be hard to contact, they launch a deepfake BEC attack using video or audio, to trick a finance team member to wire some urgent funds to a new vendor.

Cautionary tales

The above are only hypotheticals. But plenty of real examples exist of threat actors using “open source intelligence” (OSINT) techniques in the early stages of attacks. They include:

  • A BEC attack which cost Children's Healthcare of Atlanta (CHOA) $3.6m: Threat actors likely scoured press releases about a newly-announced campus, to find out more details including the hospital’s construction partner. They would then have used LinkedIn and/or the corporate website to identify key executives and finance team members of the construction firm involved (JE Dunn). Finally, they impersonated the CFO in an email to the CHOA finance team requesting they update their payment details for JE Dunn.
  • Russia-based SEABORGIUM and Iran-aligned TA453 groups use OSINT for reconnaissance ahead of spearphishing attacks on pre-selected targets. According to the UK NCSC, they use social media and professional networking platforms to “research their [targets’] interests and identify their real-world social or professional contacts.” Once trust and rapport have been established over email, they send a link to harvest victims’ credentials.

Stop the share? How to mitigate spearphishing risk

The risks of oversharing are real, but fortunately the remedies are straightforward. The most potent weapon in your armory is education. Update security awareness programs to ensure that all employees, from executives down, understand the importance of not oversharing on social media. In some cases, this will require a careful rebalancing of priorities, away from employee advocacy at all costs. Warn staff to avoid sharing via unsolicited DMs, even if they recognize the user (as their account may have been hijacked). And ensure they can spot phishing, BEC and deepfake attempts.

Back this up with a strict policy on social media use, defining red lines on what can and can’t be shared, and applying clear boundaries between personal and professional/official accounts. Corporate websites and accounts may also need to be reviewed and updated to remove any information that could be weaponized.

Multi-factor authentication (MFA) and strong passwords (stored in a password manager) should also be a given across all social media accounts, in case professional accounts are hijacked to target colleagues.

Finally, monitor publicly accessible accounts where possible for any information that could be leveraged for spearphishing and BEC. And run red team exercises against employees to test their awareness.

Unfortunately, AI is making it faster and easier than ever for threat actors to profile targets, collect OSINT and then craft convincing emails/messages in perfect natural language. AI-powered deepfakes increase their options yet further. The bottom line should be, if it’s in the public domain, expect a cybercriminal also knows about it … and will come knocking soon.


Let us keep you
up to date

Sign up for our newsletters