Digital footprints & Social Engineering
Introduction
You may have noticed that when you search for stuff on Google, you receive ads related to that search. For example, if you search for air tickets to Paris, you will receive ads for hotels in Paris in your email, browser, etc. Sometimes, when you go to the mall, you will start receiving ads related to sales in that very mall. How did these companies know that you were in the mall? When you enable Google to track your location, it will direct applicable advertisements towards you. It’s the same reason why you get directions and traffic alerts.
It is great to have this additional information, which helps us get some discounts. You may also get notifications about the weather around you, which is helpful as it can tell you if it’s going to rain. Internet and social media companies try to gather as much data as possible about their customers through various means like search history, watch history, location history, and much more. Often, these companies use these metrics to give you better and more personalized services. Unfortunately, your private data is now available to these companies and, if it falls into the wrong hands, can put your financial and personal freedom at risk.
Your Identity
In today’s world, you have an identity on the web that you use when you shop on the web, renew your license, or pay your bills. If this identity is compromised, anyone in the world can impersonate you and do all of the above as if they were you, without you knowing about it. They can also drain your bank accounts, use your credit card, and much more.
Passwords and MFA
In this connected world, where you can accomplish anything using your mobile or laptop, knowing how to manage your privacy and identity is critical. Bad actors across the world are looking for ways to take advantage. We may feel like our username and password are very strong because we are the only ones who know them. Unfortunately, our username and password are easy to guess since we use our kids’ names, birthdates, or sometimes even “12345678”. When was the last time you reset or changed your password?
It is important to have a long (e.g., 14-character) password that is difficult to hack. Additionally, there is something called Multi-factor Authentication (MFA). This verification process does not just rely on your password for verifying but also uses your fingerprint or sends a PIN to your mobile to verify that it’s you who is trying to log in. Creating strong passwords or using MFA can reduce the probability of bad actors compromising your identity.
Social Engineering
Today, bad actors have devised multiple techniques to compromise your identity and to make you divulge your personal information to them, which is called social engineering. Social engineering involves inducing and manipulating individuals to give information or perform actions that can be used for illegitimate purposes. Some of the common ways are phishing, baiting, and using malware.
Phishing
Phishing involves using emails, websites, and IMs to steal sensitive information like SSNs and credit card numbers. A typical example would be an email impersonating your bank and requesting that you provide some personal information to accept new changes or benefits. These emails often ask you to click on a link and provide your information. When you click on that fraudulent link and fill in the information, you inadvertently share your personal information, like your account number, date of birth, etc. The best thing to do when you get such emails is to go to the official website and log in from there. Never click on a link and put in all your information without first verifying it’s the official website or company.
Baiting
Baiting involves enticing the victim with rewards (or sometimes using charitable causes) and then coercing them to provide sensitive information. A typical example is when you receive an email about an unbelievable vacation deal, and there are only two tickets left. Victims sign up for this deal and provide sensitive information, which is then misused.
Malware
Malware is ransomware that is downloaded to your device when you click on a link to check out a website or download a free app. Malware can take control of your device and access your data. Then, that data can be used to take advantage of you. Once bad actors have your data, they will threaten to release your personal data unless you pay them.
Conclusion
All these techniques use common themes of fear, greed, curiosity, and urgency. These bad actors operate from any remote corner of the world with little to no oversight from local law enforcement. Hence, prosecuting them is very difficult. Social engineering is a broad and deep topic, but it is important to be aware of such risks. It is important to be protected from such bad actors as there is hardly anyone who can avoid going online every day.
On to the next.
-Akash Gaonkar-