Choose pre-compromised persona and affiliated accounts

For attacks incorporating social engineering the utilization of an on-line persona is important. Utilizing an existing persona with compromised accounts may engender a level of trust in a potential victim if they have a relationship, or knowledge of, the compromised persona. [1] [2]

ID: T1343
Sub-techniques:  No sub-techniques
Tactic: Persona Development
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Possible to detect compromised credentials if alerting from a service provider is enabled and acted upon by the individual.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: It is relatively easy and low cost to purchase compromised credentials. Mining social media sites offers open source information about a particular target. Most users tend to reuse passwords across sites and are not paranoid enough to check and see if spoofed sites from their persona exist across current social media.


  1. PETER BRIGHT. (2011, February 15). Anonymous speaks: the inside story of the HBGary hack. Retrieved March 9, 2017.
  1. Marcus Habert. (2015, November 8). What Happens to Hacked Social Media Accounts. Retrieved March 28, 2017.