
25 Things...

Why you should be Smart when sharing your personal information on the Internet

I have to admit, it has been fun seeing the lists of "25 Random Things" and "25 Things About Me" that have been circulating recently through email, Facebook and the like. Some were funny, others were touching and I want to thank everyone for sharing. I have thought about responding with my own list, and after some consideration, I decided that my gift back to you is a list of things (not quite 25 things) to keep in mind when sharing personal information on the Internet.

  1. Social Engineering—What is it? It is a way of gathering confidential information about you in a seemingly innocent way. There is a range of tactics—from the simple email asking for your bank account information in order to deposit millions in inheritance money, to more complex and subtle forms of manipulation, all planted with the sole purpose of gathering your personal information. Even though you may not be fooled into allowing open access to your bank account, an attacker can take the bits and pieces of personal information you provide to formulate a way to gain access to your computer, or any of your online accounts.
  2. Breakdown of Social Engineering— There are many forms of Social Engineering, so I've highlighted a few below:
    • Pretexting—This is lying to someone to get personal information; often the lie is in the form of an invented scenario that seems legitimate enough for the victim to offer their information.
    • Phishing (tricking someone into disclosing personal information)—Often this comes in the form of an email requesting that the recipient update personal information such as password and credit card information by replying to an email or through a web site.
    • "Phone phishing"—This happens when an email directs a victim to call a number to change their personal information (PIN, password, etc.) by speaking to a phony call center representative. They are tricked into revealing their personal information to the criminal on the other end.
    • IVR (Interactive Voice Response) phishing—This is similar to phone phishing and can be even more deceptive—the victim in this case provides personal information to an Interactive Voice Response system that detects voice and keypad inputs, which are then captured and stored by the criminal.
    • Baiting—An attacker may try to entice the end user to inadvertently infect their machine or expose their credentials by having the user click on an intriguing email or logo. Or, a strategically placed piece of media such as a USB card or DVD can be easily picked up and inserted into the user's computer, unknowingly launching malware and infecting the entire computer.
    • Quid pro quo ("something given or received for something else")—Think twice before getting help from a stranger. An attacker may reach out to a victim to give something, say, assistance with a computer, in exchange for taking the victim's information, like the machine's password.
  3. Viral Nature of the Web—Once you are on the Internet, you are connected to more people than you realize. This is good, bad and ugly. The good: It's convenient to connect with friends and colleagues to get useful information easily and often instantaneously, without even having to leave the house! The bad: There are a lot of people out there that you don't know who can be watching you with malicious intent. The ugly: Just as fast as your circles of social networks can grow, your computer, your accounts and your identity can be compromised just as fast, or even faster!
  4. Names of Your Loved Ones—Be careful about sharing the names of your pets or loved ones—especially if you use any part of their names in your user name and/or passwords. Hackers are smart and will start with these names to guess the credentials to any of your online accounts—including bank accounts! And this guessing is not limited to your credentials; it can also be used to answer the "challenge questions" often used when changing a password or requesting a credential reminder email notification. Oftentimes the challenge questions are about your pet or family, thus providing an easy way for a hacker to obtain your credentials—the hacker tells the web site that they "lost" your credentials, and then they can obtain them by answering the challenge questions correctly!
  5. Stay Away from Strangers—The mantra is ingrained in children all the time, so why forgo this advice in adulthood? The whole point of social media outlets is to connect with old friends and possibly meet some new ones. But you don't have to accept a "friend request" from someone you neither know nor want to know. Some friend requests can come from "false friends" (aka potential hackers), so be wary of these trolls; they might be "friending" you just to gain access to your personal information.
  6. Chain Emails—Fun or annoying? You decide. But before you reply to the group of people in the chain email, take a look at the addresses and ask yourself if you know and trust everyone on the distribution list. As with the advice about "false friends," don't communicate with strangers in a chain email.
  7. Personal Information on Social Sites—There are a number of reasons why you should be careful how you disseminate personal information on the Internet—one obvious reason is that you might not want a future employer to see you partying like a rock star, so to speak. What you might not realize is that once the information is on the web, it is always there for the whole world to see. That's because information is cached (kept and saved) for a long time—maybe even forever! Yet if you feel so compelled to post pictures from your Friday night rendezvous, consider organizing your social media site to only allow a select group of people to see those photos—and just hope that they don't post those photos somewhere else for everyone to see!
  8. Credentials—Sometimes it is difficult to remember all the user names and passwords you have created for work and personal use. But really, you should never use the same set of credentials for all accounts! You risk exposing your personal information across multiple access methods, not to mention company sensitive and confidential information that could cost you your job!
  9. Status Updates—Be careful how you update your status! Keep the oh-so-clever and witty updates flowing, but refrain from of-the-minute location and action based updates. Consider the possibility that a "false friend" on your friend list might use this information against you. Are you telling people something about what you are working on at work or that you will be away from the office or home? Can this information be used against you somehow? One example from an article in Fierce CIO suggests, "(hackers) work to convince your IT support—while you are on holiday, for example—that you need to urgently access your email from abroad and have forgotten the password." Sensitive information lost and millions of dollars later, you may come to find that the root cause stemmed from a simple ole status update. Kind of scary, huh?
  10. Don't be Naïve—Be careful! Remember that legitimate businesses have the information that they need to conduct business with you (like your banking information) and will not send you a random email or phone call requesting your social security number. Don't fall for these kinds of scams; and if you are not sure about the legitimacy of an email, phone call or website, just call your bank and ask!
  11. Laws—At last, some good news. There are in fact laws that help to protect your personal information. The Gramm-Leach-Bliley Act is a federal law that makes it illegal to use false pretenses to get customer information. So when your rights have been infringed upon, act; it's your legal right.

Be Smart—I don't mean to scare you with this Perspective piece, and you shouldn't let hacker paranoia keep you from "friending" those old high school buddies, posting embarrassing prom pictures or telling us 25 things about you—that is the whole point of Social Networking. Do stay connected to both old and new friends, but hopefully this piece has provided you with some ideas of how to continue to grow your Social Network while protecting yourself, your family and your employer at the same time.

Ultimately, it's important to safeguard your private information. So be smart about what you do, say and set free on the Internet, because being smart is exactly what those hackers don't want you to be!

 

© 2009 iPass Inc. All rights reserved. Terms of Use. Privacy Policy.