Today, many businesses showcase their team and structure online to build credibility and foster trust. Whether it’s a team page on your website, updates on LinkedIn, or online directories, these platforms often include detailed information about key staff – job titles, email addresses, and even mobile numbers.
But while this visibility may be good for marketing, it can quietly expose your business to risk. Cybercriminals are watching too – and they know exactly how to use this data against you.
Why Job Roles Attract Targeted Attacks
Modern cyber threats are rarely random. Attackers are strategic, often focusing on individuals based on their role within the business. Think HR, Finance, IT, or Operations – teams with access to sensitive data or systems. By using publicly available job titles, names and contact details, attackers can craft highly convincing phishing emails or impersonation attempts.
If your CFO’s name and contact info are listed online, for example, an attacker might pose as them to request a fund transfer from your finance assistant. The more context they have, the more believable the message.
The Problem with Web Scraping and the Dark Web
Automated tools can scan your website or LinkedIn page to harvest contact information and structure charts at scale. This data is often packaged and sold on the dark web, ready to be used in phishing campaigns, impersonation attempts or even CEO fraud.
Once your internal hierarchy is mapped out, it becomes easier for cybercriminals to simulate internal conversations or pressure junior team members into making high-stakes decisions.
The Risk of Sharing Job Announcements on LinkedIn
Celebrating a promotion or new role on LinkedIn is standard practice – and often encouraged. But it’s also a signal to attackers.
When you post publicly about a new role, you may unknowingly:
- Highlight a new target (especially if the role is senior or access-sensitive)
- Indicate internal change, which attackers can exploit for impersonation
- Open yourself up to tailored phishing attacks disguised as onboarding or supplier requests
Cybercriminals often monitor LinkedIn for such announcements, then follow up with carefully timed attacks while the new hire is still learning the ropes.
Real-World Examples: M&S, Co-op, Harrods and Adidas
Recent cyberattacks on high-profile UK retailers – including Marks & Spencer, the Co-op, Harrods, and Adidas – have shown how damaging these tactics can be. Customer data was exposed, services were disrupted, and internal systems had to be temporarily locked down.
These incidents weren’t random – they took advantage of publicly accessible information and known vulnerabilities to bypass trust and gain access. It’s a timely reminder that even seemingly harmless data, like who does what in your company, can be used to devastating effect.
If this sounds uncomfortably familiar, it’s worth taking a deeper look at your cyber defences.
We explore these breaches in more detail here.
What Can Your Business Do?
Review What You Share Publicly
- Replace personal contact details with shared inboxes (e.g. info@ or finance@)
- Limit team bios to first names and departments
- Consider publishing leadership roles without listing all operational contacts
Train Teams Based on Risk
Staff in high-risk roles should receive cyber security training tailored to threats like impersonation and spear-phishing.
Strengthen Your Technical Defences
- Use email security tools and multi-factor authentication
- Monitor the dark web for leaked credentials or references to your domain
- Deploy endpoint protection and keep systems up to date
See how our IT security services support this.
Keep Devices Updated
Regular restarts help install critical updates – especially following monthly patch releases from Microsoft and Adobe. We recommend making this part of your internal IT policy.
Stay Informed. Stay Protected.
You don’t need to scrub your entire online presence, but understanding how job role data can be weaponised is key. Cybercriminals are looking for the easiest way in – and often, that starts with a name, a title, and an email address.
If you’d like help reviewing your digital footprint, boosting your team’s cyber awareness, or locking down key systems, Dr Logic is here to support you. Whether you’re on Apple or a mix of Apple and Windows devices, we’ve got you covered.
Book a free 30-minute call with us today to discuss how to tighten up your cyber security.
