Social Experiments Part 1

The Facebook Stalker

Everyone knows that having an online presence can be fun, but also dangerous if you piss off the wrong person. We're talking about stalkers... sometimes exes... who decide they want to make life hell and screw with the person's co-workers.

I was recently, and repeatedly, friended on Facebook. Now let me start by saying I keep my social media profiles separate from my own professional profile. Facebook is family, close friends and co-workers. Social media is everyone else: Digg, Twitter, Reddit... etc.

When I was friended by this person on Facebook I had no clue who it was. It stumped everyone in the office as most of them received friend requests. Slowly the person built a profile, becoming fans of things we were fans of. Branching out and friending others.

Last week a fake profile was made with a co-worker's picture and name and tried to friend me. I already had this co-worker in my friends list so I was curious and I added the fake account. This truly piqued my curiosity. I assumed the role of a dumb tech. Asked for help and received a response from the person. Ultimately I was able to socially re-engineer the person to click on a blank page here at TheHelldesk.com and inadvertently be exposed to a tracking cookie I baked just for them.

I tracked down the douchebag's IP, provider and ultimately employer.

Again, curiosity was still in my system and I ventured to guess the initial unknown "friend" may be connected. I moved the file across to another of my domains, created a post for them to read and linked it to the same cookie. Social re-engineering again! Lo and behold, it's the same person.

Even though this douchebag believes he can outsmart everyone, he obviously wasn't ready for true social engineering.

Tips for tracking down a stalker:

  • Have tools, or know someone who can use them, to put together a page with a tracking cookie.
  • Gain the stalker's trust; socially engineer them to think you're not as bright as they think you are.
  • Entice them, using something they like, to hit the page with your tracking cookie.
  • Once you have the information, try tracking the information using a WhoisIP service; this will tell you the person's provider and, if a business, what business name it's registered to.

Basically don't give up trying, be cautious how you word any correspondence so you have a better chance of achieving your goal - them doing what you want them to do. And finally... Don't rush it. Take your time and do it right.

Comments

I like the idea, I usually just ignore requests from people I don't know but I do often wonder who they are. I might have to try this one out.
Thanks