Personal Information Anyone Can Learn on the Internet
When you think of people collecting personal information about you, you probably think about the data leaked in corporate data breaches and information for sale on the Dark Web. But have you ever wondered what kind of information the average person could learn about you on the Internet?
The Internet can make social engineering a past time for some, or a dangerous cybercrime conduit for others. In this post, we’ll discuss some of the ways you might be giving away your personal information without even realizing it.
Where You Go
When you upload your photos to iCloud or other storage, have you ever noticed that it knows when and where some pictures were taken? If so, you probably thought that it was some feature of taking a picture on the smartphone and it remembering where the image was taken, right?
Actually, the file where the photo is stored includes a little bit of data with it called EXIF data. If the camera has a GPS and isn’t configured not to, it will determine the location and time the picture was taken and store that information. While this may be useful for scrapbooking, it’s not great for personal security. Have you ever posted a picture of the family barbecue to social media? If so, you’ve announced where you live to anyone who wants to know.
Who You Know
Social media is great for keeping up with friends and family and seeing the latest cat videos, but it does give away a lot about you. While you might have your profile locked down so that no-one but your friends can see anything, can you say the same for your friends? Consider what uses a hacker could have for the information that you’re connected to someone else. If your friend has a public profile or is connected to an attacker, they can see your friend’s connection to you and use that information in a phishing email or to help narrow down results in some of the other search methods described below.
Where You’ve Lived
Have you ever had a security question asking which street you lived on when you were born? Or a current zip code? If so, you probably figured that no one would be able to find that information, so it’s probably safe to answer.
Now, take a second and visit spokeo.com. Type in your first and last name and scroll through the results. Odds are, you’ll find a record summarizing your address history since you’ve been an adult, your age, and your immediate family. And this is only the information available in the free version. This and other sites allow users to access even more information for a one-time fee or monthly subscription.
While it may not have childhood addresses (since they would be in your parents’ names), the relatives feature makes it easy for someone to determine your parents’ names and their addresses. Addresses aren’t a good security question to answer and a caller knowing your address doesn’t mean that they’re legitimate.
Where You Work
LinkedIn is a wonderful website for networking and finding a job, but have you ever considered the value of the information that you’re freely sharing? While most of your information is limited to people closely connected to you, some information is available to anyone who wants to look.
Included in this is your current title and company (or that you’re looking for work). While this might not seem like much, it can be extremely valuable to a hacker. Knowing where you work and your position makes it possible to craft a phishing email. By searching for other employees at your company, they can find names to drop to make their email to you more plausible (or, conversely, drop your name in conversation with your co-worker).
Workplaces are also useful because they imply location information about you. Many companies only have one or two offices, allowing an attacker to narrow down your location to a small set of possible geographic areas. Combining that with the results provided by services like Spokeo can allow an attacker to move quickly from a completely unknown target to detailed information about you and your family.
Your Public Records
A lot of personal information is public record with your privacy mainly depending on the fact that most people don’t know where to look or don’t want to make the effort. At the least, your home address is probably available if you are a registered voter in the United States.
If you want to know what information is available about you as part of the public record, check out blackbookonline.info. It is a project devoted to scanning as many public records as possible to enable people to know what is or is not available for review in-person.
In this post, we’ve described several ways in which someone could learn your personal information using publicly accessible and legal means. So what should you do about it?
In some cases, you can cut off access to further personal information by changing some habits and being cautious on social media. Some things, like public records, are outside your control.
The best defense against attackers using public information against you is for you to think like a hacker and beef up your cybersecurity habits in general. By improving security questions, using strong passwords and multi-factor authentication, and adopting a security-focused mindset when dealing with unsolicited communications (via email, phone, mail, or in person), you can minimize the damage that public information can do to your personal security.
Being cybersecurity aware benefits both individuals and companies. Sword & Shield offers security awareness training and social engineering services to organizations trying to improve their security posture.