OSINT Reconnaissance
The collection of publicly available information about a target — from social media, company records, and other open sources — to plan and personalise an attack.
Also known as: open-source intelligence, OSINT, target reconnaissance
Last reviewed: 10 June 2026
Open-Source Intelligence (OSINT) reconnaissance is the research phase that precedes many targeted attacks. Attackers compile a detailed profile of an individual or organisation using freely available sources: social media profiles, company websites and press releases, domain registration records (WHOIS), LinkedIn career histories, job postings, news articles, and leaked data sets.
The information gathered is used to craft believable pretexts for phishing, impersonation calls, and social engineering. Knowing a target's employer, job title, manager's name, and recent activities allows an attacker to craft messages that feel personal and authoritative.
Consumers and employees should review their public social-media profiles and consider what information would be useful to an attacker. Organisations should be mindful of the information revealed in job postings and publicly facing technical documentation.
Examples
- An attacker uses LinkedIn to identify the CFO's name, their EA's name, and recent travel plans before crafting a highly personalised BEC email.
- An individual's house address is derived from domain WHOIS records before a vishing call is made.