Your Online Presence: A Hacker’s Perspective
We’ve all been told by our parents, “Don’t talk to strangers!” But did they ever tell you that you might be telling your friends… too much?
For most of us in the digital age, a typical day isn’t complete without logging into social media. And sometimes we get a little too invested in what we put on those social media accounts. From our outings with friends to an up-to-the-minute account of how we’re feeling, almost everything we do finds its way onto our profiles.
And that can be a big problem when our profiles aren’t private.
Public profiles can be seen by anyone and everyone, which means all of the information we share is put on display like a big flashing billboard. Pictures of our kids, updates on our vacations, phone numbers, addresses, floor plans of our new houses… wait, what? Yeah, give one of our hackers an hour and we’re willing to bet money that he’ll find all of it.
You see, profiles do more than just incorporate the lives of the people they belong to. Our contact information doesn’t really mean much to us at face value, but it can mean a lot to someone else. Names and contact information are consistently recorded for websites and make their way into databases. Many websites are solely comprised of information from these other sites.
That house you live in. Was it ever on the market? It was? Then at one point, pictures of that house were put on some website with the intent of selling it. But just because the house is sold doesn’t mean those pictures are gone. There are sites that scour the web for such information and store it for others to use.
Maybe your house is on the market right now. From a criminal’s perspective, pictures of the TV on the wall, or maybe the appliances in your kitchen, show how much money you potentially have and whether or not you would be a valuable target.
There’s a reason the internet is called the World Wide Web. And you are a bug tangled all up in it. (No offense.) And any spider willing to take a bite of the nearest bug caught in the web has plenty of resources to make it a juicy meal. With just the information they can find that’s publicly available, they can decide to break into your house and already know their way around. Or they can send you an email that they know will appeal to you, coaxing you to download a file laced with ransomware and securing an even easier payday.
The truly scary thing? That information and more can be found by starting with something as mundane as your LinkedIn profile.
Any time you provide your email address to a site, it is recorded and can be traced. But the email you used to sign up for LinkedIn is hidden, right? Wrong. All it takes is a simple plugin like Skrapp and suddenly that email that you thought was safe is now an entry point for a criminal. They can also get your connections’ emails, allowing the chain to continue. Savvy hackers can also search social media profiles and use a form of spyware to mine for information. They can combine all of the information they find to build a profile, with all sorts of useful tidbits on how to exploit you as a target.
For instance, if the hacker decides to initiate a planned phishing attack, the names and emails of your connections and colleagues create an opportunity for them to craft an email that would be received without suspicion. Using the emails and the crafted message, they can use you as the start of a mass phishing attack.
If you have a diverse social media presence, some of these threats are virtually unavoidable. But there is one thing you can do that would be a big step in the right direction: set your social accounts to private. That way, you have at least some control over who sees what information. Next, be careful about what you post. Don’t write a status update about your beach house while you’re still on vacation. If you do, you’re announcing that you’re not at home. Refrain from telling a purely online acquaintance any specifics that can lead to your identity, such as what position you hold at a company. And of course: be aware of what you put online. Don’t get lulled into a false sense of security. Trust us, those applications you use are storing every bit of information you put out there. And what we put out there, stays there – forever.
If a picture is worth a thousand words, how much is a profile worth?
If you, your organization or company, or someone you know would like more information about our company or the strategies criminals can use to take advantage of the information you put online, please do not hesitate to reach out to Mission Multiplier at firstname.lastname@example.org.