OSINT: what a stranger can find out about you (and how to reduce your exposure)
You'd be surprised what a stranger can find out about you… without ever contacting you.
A few open searches, a few cross-references, and sometimes a single email address are enough to build a surprisingly accurate profile. That's exactly how OSINT (Open Source Intelligence) works.
👉 Contrary to popular belief, OSINT isn't reserved for investigators or intelligence teams. It's also an excellent way to assess your own digital exposure.
🎯 A real-world case
Spear-phishing made credible by public info
During a spear-phishing campaign, an executive received an email that looked perfectly legitimate. Why? Because the attacker had collected several pieces of publicly accessible information.
« The email looked credible, personalised and perfectly tailored to their situation. That's often what makes targeted attacks so effective. »
- →Their job and company via LinkedIn
- →Their interests via an old forum
- →Professional information shared across various networks
- →Some personal details publicly visible
🔍1. Run your own OSINT audit
👉 Search your name, your handles and your email addresses. You might be surprised by what is still visible.
- Search for yourself like an attacker would
- Note what should disappear
🧩2. Compartmentalise your digital identities
👉 Use distinct email addresses by purpose.
- Work / personal / online services
- Separate temporary sign-ups and tests
🔒3. Review your privacy settings
👉 LinkedIn, Facebook, X, Instagram… Most of us publish more than we think.
- Limit public visibility
- Check what non-contacts can see
🧹4. Reduce your digital footprint
👉 Delete old unused accounts and request data removal where possible.
- Less accessible info = less to exploit
- Disable what you no longer use
💬 My advice
15 minutes this week
Take 15 minutes this week. Simply type your name, your email address or your main handle into a search engine, and look at the results through an attacker's eyes.
« You'll probably uncover information you had long forgotten about. »
- →Adopt the attacker's perspective
- →Identify possible cross-references
- →Prioritise what makes social engineering easier
🧠 What about you?
OSINT isn't just for investigators: it's a mirror of your exposure.
✔ Audit yourself regularly
✔ Compartmentalise your identities
✔ Tighten your privacy settings
✔ Reduce your footprint
The less material there is, the harder a targeted attack becomes.
Have you ever run an OSINT audit on yourself? What was your biggest surprise?
Need personalised guidance?
NagaShield Security helps you implement these measures concretely, tailored to your organisation and budget.
Request a free diagnostic