Case Profile
To demonstrate how publicly available information can be aggregated to construct a detailed personal profile, this project uses a fully fictional subject. No real individuals were researched or identified. All names, details and scenarios are invented for educational purposes.
Subject Overview
Why This Subject Is Interesting
Miss Wednesday is not a celebrity or public official; she is an ordinary professional. However, her dual role as a teacher and social media influencer increases her digital footprint beyond what she may recognise. This makes her profile particularly vulnerable to OSINT analysis, where publicly available information can be used to reconstruct patterns of identity, behaviour, and risk.
The goal of this case study is not to expose or exploit; it is to illustrate how the accumulation of small, seemingly harmless details creates a comprehensive and potentially dangerous profile.
Simulated OSINT Collection
The following information was gathered from publicly available sources through simulated passive reconnaissance. No hacking or unauthorised access was used.
πΌ Professional Information
LinkedIn profile publicly lists employer (school name) and job title
Source: LinkedIn Β· Risk: Enables targeted phishing via guessed work emailCommon school email formats (e.g. firstname.surname@school.co.za) can be inferred from employer name
Source: LinkedIn + Google Β· Risk: Direct vector for phishing and impersonationπ± Social Media Activity
π Location Indicators
Location tags and check-ins identify home neighbourhood (Ballito), preferred gym, and school vicinity
Source: Instagram / Facebook Β· Risk: Physical tracking and stalkingBackground details in photos; street signs, distinctive buildings, recognisable intersections; allow map-based triangulation of home address
Source: Any visual content Β· Risk: Precise home or workplace locationConsistent posting times reveal routine: when she leaves home, arrives at work, trains at the gym
Source: Post timestamps Β· Risk: Predictable schedule enables physical ambush or burglaryπ Personal Data Exposure
Comments on posts or bio links hint at banking institution (e.g. SnapScan logo, specific payment handle)
Source: Instagram bio / comment sections Β· Risk: Targeted financial scams and smishingContact number or WhatsApp Business link sometimes included for gym enquiries
Source: Instagram bio / Facebook page Β· Risk: Direct contact vector for scammersRepeated username across platforms makes cross-referencing trivial
Source: Google search / Namechk-style lookup Β· Risk: Aggregation of all data into one profileRisk Analysis
The table below maps each piece of exposed information to its realistic threat scenario. None of these risks require sophisticated technical skill; only patience, observation, and the ability to connect dots across platforms.
β scroll to see more β
| Exposed Information | Potential Threat | Method | Severity |
|---|---|---|---|
| Work email format | Spear-phishing attack targeting school account | Crafted email impersonating a parent or admin | High |
| Children's school name | Social engineering via impersonation call | Caller poses as teacher or school official | High |
| Banking institution hint | Financial scam (fake SMS / email alert) | Smishing or vishing using real bank name | High |
| Home neighbourhood | Stalking or physical surveillance | Location tag analysis + photo background mapping | High |
| Daily routine & schedule | Burglary when home is predictably empty | Timestamp analysis of posts | High |
| Gym location & check-ins | Physical approach or harassment | Cross-referencing location tags with schedule | Med |
| Contact number (gym) | Direct scam calls / WhatsApp phishing | Cold contact using personal detail as lure | Med |
| Repeated usernames | Full cross-platform profile aggregation | Simple username search across platforms | Med |
| Photo backgrounds | Geolocation of home or regular locations | Reverse image search + Google Street View | LowβMed |
π Key Insight
No single data point here is alarming in isolation. A school name, a gym check-in, a payment handle; individually these seem trivial. The danger lies in aggregation: when combined, they form a profile precise enough to enable real-world harm. This is the core principle of OSINT threat analysis.
Exposure Overview
Risk Distribution by Category
Exposure Severity by Risk Type
Protection Recommendations
Most of the risks identified in this case study are preventable without abandoning social media entirely. The following practices significantly reduce the attack surface available to a potential threat actor.
Account Privacy
- Set personal accounts to private
- Separate personal and business profiles
- Audit follower lists regularly
- Restrict who can see tagged photos
Location Awareness
- Disable automatic location tagging
- Post check-ins after leaving, not on arrival
- Be aware of background details in photos
- Avoid establishing predictable schedules
Family Protection
- Never share children's school name publicly
- Avoid posting identifiable school uniforms
- Limit photos of children to trusted contacts
- Don't post pickup/dropoff routines
Digital Hygiene
- Use unique usernames per platform
- Remove contact details from public bios
- Use a business email for public enquiries
- Regularly Google yourself
Financial Safety
- Avoid referencing your bank publicly
- Use a separate payment link for business
- Be cautious of unsolicited contacts citing personal details
Mindset Shift
- Ask: "What could someone infer from this post?"
- Think in patterns, not just single posts
- Assume a motivated stranger may be watching
- Visibility is not the same as safety
Quick-Reference Protection Checklist
β scroll to see more β
| Action | Platform | Difficulty | Impact |
|---|---|---|---|
| Switch to private account | Instagram, TikTok | Easy | High |
| Remove location from bio | All platforms | Easy | Med |
| Disable photo geo-tagging | Phone settings | Easy | High |
| Change username consistency | All platforms | Moderate | Med |
| Audit tagged photos | Facebook, Instagram | Moderate | Med |
| Separate business/personal profiles | Instagram, Facebook | Moderate | High |
Conclusion
This case study demonstrates how an ordinary, non-famous individual with an active social media presence can become the subject of a detailed intelligence profile, built entirely from public, freely accessible information. No accounts were compromised. No illegal tools were used. Only observation, cross-referencing, and pattern recognition.
Miss Wednesday is not unusual. Millions of people share the same digital behaviours: fitness check-ins, family milestones, workplace updates, relationship posts. Each one is harmless in isolation. Collectively, they paint a picture detailed enough to enable phishing, scamming, stalking, and social engineering.
The principles explored here are fundamental to both offensive OSINT (how investigators or threat actors build profiles) and defensive OSINT (how individuals and organisations reduce their exposure). Understanding one requires understanding the other.