قالب وردپرس درنا توس
Home / Tips and Tricks / How to spot fake companies and find CEO & # 39; s signature with OSINT «Null Byte :: WonderHowTo

How to spot fake companies and find CEO & # 39; s signature with OSINT «Null Byte :: WonderHowTo



Companies leave paper marks for almost every activity they do, making it easy for a hacker or investigator to dig up everything from business licenses to the signature of a CEO if they know where to look. To do this, we will look at the databases of government organizations and private companies to find out everything about companies and the people behind them.

You can probably imagine why it might be useful to find out if a company is real or not. It can also be useful to check if a certain person works for a company that they say they do. Although this information almost always exists, it is usually not accessible with a simple Google search. Much of this information is in databases for which you must submit searches to discover it.

Background Checking a company

To be a good researcher, we need to figure out where the information is and what search terms we should use to extract it. Whether we are trying to reinvent the company whether it is legitimate, or are looking for a target to send the perfect phishing email to, there are many reasons why this information can be useful.

If you want to know that a business is legitimate, the best place to start is to delve into their licenses and key figures. Finding proof of a permit is a positive sign and will also lead to the names of the employees and officers mentioned on those documents. By finding these official documents, you can cross-check information to look for inconsistencies or patterns, such as the same people or addresses used to similarly register unrelated companies.

Create the perfect phishing e-mail

If you are a penetration tester, business research can take a more offensive turn by looking for the people, documents, and opportunities needed to get the perfect phishing e-mail. make mail. Getting a high-level supervisor to do something he shouldn't do, such as opening a PDF from a stranger, can be done if the file is one that the hacker knows his purpose expects.

If we have a malicious PDF for someone who opens it in a company, we must first know a few things. First we have to identify the people who deal with the paperwork and others they talk to to do their job. We also need to know that the document they expect to see looks like, preferably by first finding a scanned version online.

With the right information, we can compile a phishing e-mail to the right employee who looks like a document expected from someone they trust. By digging, we can even add the signatures of other executives to make our PDF even more convincing.

Let's see what we can dig up.

What you need

To follow this guide, you only need an internet connection and browser. The great thing about OSINT is that we don't need a lot of resources for it, and we can often rely on smart search terms or a well-formulated original question to extract the information we need.

Step 1: IntelTecniques Business Tools

Navigate to the IntelTechniques website and click on the "Business" menu to display the "Business Resources" option. Click to navigate to the page with company resources.

Here we find a number of valuable tools for finding information about companies. We will use this page as a reference for links and will return to it later.

To begin, you see the list of secretaries of state business search websites for each state. We start our search on these links.

Step 2: Select a target and search status database

Our target today is Equifax. We start by trying to find out in which state they do business. Because the state of California is huge and requires a lot of paperwork to do business, it's a good guess that if the company you're looking for is big, they do business and have papers there.

Navigate to the California State Secretary page for business search, which allows you to search for documents from any company doing business in the state of California. Enter your search term and select a company for larger companies and an LLC for smaller companies. If you do not get a result the first time, run the search again with the other option.

The results should link to business documents, and here we will see that there is only one active entry for Equifax. We now know in which state we can find more information in Georgia.

By clicking on the active list, we can see information about the submission, including an exact address. We can also view PDF files of documents that they have submitted.

Step 3: Search for Signatures in Documents

To find signatures, we can take a look at the documents we have found . The second document that we find not only contains a signature, but also the name of everyone who is important in the company.

We have already achieved some of our goals now that we know who does the paperwork, but we still need to know who we should and to which e-mail address to send it. For that we go to another data source.

Step 4: Opencorporates.com Search

Back on the IntelTechniques page we click on the link to OpenCorporates.com. With this site we can search business documents, not only in one state, but in all states at the same time. While this may seem useful, it can quickly become overwhelming if we don't know where to look first.

Searching for "Equifax" yields more than 700 results! To reduce this, we can tick "exclude inactive" to remove entries from companies that are no longer active, which reduces the number to 373. But if we filter to include only companies in Georgia, we are only 21. [19659034] How to recognize fake companies and find the signature of CEO & # 39; s with OSINT ” width=”532″ height=”532″ style=”max-width:532px;height:auto;”/>

Within this list of 21 companies, a company named Equifax looks interesting. When we click on it, we see the same name of the employee that we previously saw on the company information. We can also click on the employee's name and perform a search on LittleSis.org to find more documents that list them.

The same name, plus the same address as the other archives, means that this company is connected to Equifax's head office. At the bottom we see a link to a register page in Georgia.

If we follow the link, we see a listing for this business entity that also has a link to the archive history. This link leads to scanned documents that have been used fairly recently to create this company.

Finally we get what we are looking for! In the only document that is uploaded with this message, we receive an e-mail address, name and other information about the people responsible for the paperwork. We now know the e-mail addresses and phone numbers of both people who need to contact each other about submitting papers, and we have enough information to prepare a reasonably targeted phishing e-mail.

These details should be sufficient to phish some high-ranking employees. If we have to dig further, there is another tool that we can use to dig deeper into the people behind the company.

Companies are an Easy Target for OSINT Research

Unlike individuals who have some expectation of privacy, companies generate paperwork with almost everything they do. This makes researching them a piece of cake for hackers or anyone who needs to verify a company or manager, provided that you look in the right database. You need to know what information there is about each company you work with before you open a suspicious email at work, especially if it contains an attachment such as a PDF.

I hope you enjoyed this guide to using OSINT techniques for business research! If you have any questions about this tutorial on business research, please leave a comment and feel free to reach me on Twitter @KodyKinzie .

Don't miss it: Capturing WPA passwords by targeting Users with a Fluxion attack

Cover photo by maxkabakov / 123RF, screenshots by Kody / Null Byte (unless otherwise stated)


Source link