How much information do you post about yourself online?
If you work in the business world, you are likely pretty careful in terms of your personal information posts. You probably use two-factor authentication, have a difficult-to-guess password, and maybe even hire a company like ComSec to check if you have cyber eavesdropping devices or vulnerabilities in your home. But here is the scary thing for individuals, a crafty hacker can compromise your personal privacy by simply getting access to just a few pieces of personal information.
How Much of Your Info is Online?
Social media networks like Twitter and Facebook crave information. That’s their entire bread and butter. They want you to share as much as possible to increase engagement. That’s why they encourage you to post every online purchase you make, every restaurant you eat at, and check into every location you visit. You might think that kind of information is unimportant. It’s just fun to share, right? Well, that all depends on who you are sharing it with.
A good rule of thumb is, if you post it online, everyone has access to it. Yes, you can alter your privacy settings, but bits and pieces of information will likely to get through. Even if you are super reluctant about sharing anything online, what about your family? All they have to do is go to a restaurant with you, tag you in a photo, and bam, that piece of information is online forever.
This isn’t even accounting for the incredible amount of data out there about you on public websites, online directories, ancestry websites, high school reunion groups, data repositories, or even online obituaries.
In the wrong hands, all of those silly little pieces of info can compromise your entire life.
While cybersecurity is rapidly evolving every day to meet the challenges of new threats, you know what isn’t? Phone support. Yes, telephone service is the weak link in the cybersecurity chain. Unlike other forms of cybersecurity, the phone service that most businesses offer only uses a few, easily-accessible pieces of information to give you full access to your account. Let’s go back to all of that “incidental” info we were talking about earlier.
Imagine that you buy a brand-new sofa at a store and proudly post photos of it online. Well, through social engineering, a malicious hacker can use that information to get your contact information. They only need to call the furniture store you bought the sofa at, pretending to be your spouse. They claim that you are thinking about buying a chair to go with the couch, but you recently moved and they want to “make sure” that the furniture store has the “right” address and phone number on file. Bam, they now have your contact information.
Using that, they can utilize easily-accessible software that can “spoof” your phone number, making it appear like a call from their cell is actually from yours. Voice-altering software is also available that can make changes to the tone of their voice to match your gender. Now all they need is your birthday (which is usually readily available on most social media profiles), and they can call any company in the world and pretend to be you. They will have your contact information, the number calling with match yours, and they can even “verify” your identity with your birth date and zip code.
If you want to see this in action, check out this article from CNN where a reporter hires a hacker to “hack” his life in real-time, right in front of him.
Now, how terrifying is that?
What Can You Do About It?
In this kind of situation, information is knowledge, and knowledge is power. You need to know what kind of information about you is readily available online. You can’t just trust that Facebook’s privacy account settings are taking care of it for you.
These exact situations are the reason why ComSec offers OSINT personal data scans. You provide us with a specific concern and we research open-source information about you related to this concern. Once we have it, we will deliver a report to you, laying out the data we’ve found and where it was accessed. Depending on the information sources, we might even be able to perform data removal services on your behalf. Just knowing where your data lives online is a valuable tool to make improvements in your personal safety and give you peace of mind.
If you’d like to learn more about some of the dangers out there to your personal privacy, both online and off, we invite you to check out the ComSec blog. If you want to get control of the information about you that is floating around online, please feel free to contact us today!
About the Author:
J.D. LeaSure, CCISM, is the President / CEO of ComSec LLC, a global provider of world class counterespionage and TSCM / Cyber TSCM™ services. www.ComSecLLc.com