Back to Blog

Digital Security — 6 April 2026 — 8 min read

OSINT — What a Complete Stranger Can Find Out About You in 10 Minutes

No hacking required. No special access. Just a name and a browser.

What OSINT means

OSINT stands for Open Source Intelligence — the practice of collecting information from publicly available sources. It is used legitimately by journalists, investigators, security researchers, and law enforcement. It is also used by scammers, stalkers, identity thieves, and anyone else with a browser and a motive.

The tools are free. The information is public. And most Australians have no idea how much of their life is findable with a basic search.

What can be found in under 10 minutes

Google search

Your name, employer, suburb, social profiles, news mentions, and any public forums you have posted on

LinkedIn

Full employment history, education, connections, location, and often your personal email and phone if listed

Whitepages / True People Search

Current and previous addresses, phone numbers, family members, estimated age

ASIC Connect

If you are a company director, your registered address and appointment history are public record

Domain registration (WHOIS)

If you have registered a website in your own name, your address and contact details may be publicly listed

Electoral roll

Your address as at the time of registration — available via the public roll in some circumstances

CoreLogic / RP Data

Property purchase price, sale date, and owner name for any property you have bought or sold

Who uses this information and why

The uncomfortable reality is that the same information is used by both legitimate and malicious actors. A due diligence check before a business meeting uses OSINT. So does a stalker tracking an ex-partner. So does a scammer building a convincing social engineering attack against your employer.

The information itself is neutral. The intent of the person searching is not. The only protection is reducing how much is available.

High-risk profiles

Some people carry significantly more risk than others:

  • Company directors and executives — ASIC records are public, addresses are often listed
  • Healthcare workers, teachers, and social workers — targeted by clients and families
  • People leaving difficult personal situations — domestic violence, acrimonious separations
  • High-net-worth individuals — property records, business interests, asset locations are all findable
  • Public-facing roles — journalists, politicians, real estate agents, lawyers
  • Anyone who has been involved in high-profile litigation or media coverage

What to do about it

The goal is not to become invisible — it is to raise the effort required to find you above the level that most people will bother with. Remove your data from the obvious platforms. Suppress your property records where possible. Use a PO Box or registered business address instead of your home address for any public-facing roles.

For the aggregated broker data — the Acxiom and ZoomInfo profiles, the people-search sites, the marketing lists — manual removal is the only effective approach. That is what we do.

See what is out there about you

Run a free breach check. Then take our Privacy Risk Assessment to understand the full picture of your exposure.

Free Breach Scan Privacy Risk Quiz
More articles