How the Hack-Marketeers target you!

How the Hack-Marketeers target you!

So we all know that big data is a big thing. It used by the likes of Amazon, Google and Facebook, for example to profile us all. They throw adverts at us during our online experience that seem to be getting more and more relevant to our internal "buy" button.

However where there is these, somewhat responsible companies, there are others that are now tapping into less guarded social media with fake profiles to gather other information about us that we thought was only important in the context of that particular online presence.

Why do they do this?

Well its simple! It fills in the gaps between one profile and another, and that makes it a lot more powerful from a targeting perspective, and therefore the data is very valuable to less, shall we say, responsible organizations.

The more you know about someone, the more you can, market to them. In some case exploit a human frailty, based on what you find and piece together.

I'll give a real simple example. 

You probably have a profile here on LinkedIn. Of course you do because you are reading this! It's not difficult to link that profile, with simple data points to Facebook. You can hide some of you Facebook likes and groups, but does everyone do this? Friends lists and posts maybe, though if you hash tag something the data is there, because it’s a public post. Maybe it’s a story about your college for example? Then they have that data point to link you to other profiles on other sites, where you have your name and your college in your "public" profile.

And those other sites could be anything from TripAdvisor reviews, through to Dating Sites. 

Yes… even Dating sites!

People think they have some anonymity on these, but they are trawled for info on you and that creates a profile to the hack-marketeers to exploit. It doesn't matter you only give your first name or lie about your age (we know you do it), there will be enough snippets of information for them to, with a small amount of AI piece it to you other social profiles.

So you enjoy Travel and want to meet someone who likes the same? Great data point for the hack-marketeers, especially if you also frequent other travel sites. Piece together countries, phrases that connect where you like to travel and how, and even when!

And sadly we give this data away without much thought.

What is even worse is that these forensic techniques that piece things together that used to take days, now take seconds. There are several sites which for a few dollars you can type in someone's name and it returns what it thinks is all the relevant data on you. That human cognition can kick in and decide if the data is right or not. Win-win for these sites that do little work for their dollars.

So here's the issue… It’s a stalkers dream, let alone a hack-marketeers bounty.

The protection on that data is minimal. It's easy to obtain with a few key strokes of code.  In fact "screen scraping" data as we used to call it, has been a legitimate way of integrating systems and data for years.

The question is what to do about it?

You can avoid being online, but that’s not realistic. You need actually to think the risk through though of what you have in your public profiles on all these sites. Or just accept there are hack-marketeers out there who will find you and try to exploit what they know beyond ordinary buying habits. Where they can actually profile the kind of person you are.

No matter what the online app provider or website says, data can be got from those sites relatively easily. So you decide so you want it there or not.

Working in Cyber Security it never ceases to amaze me how we trust an app with a profile of who we are, that can be easily used. You don't even have to hack into the app. There is no need because in signing up to use the app, we gave away the data to anyone who can use that app, including bots and AI.

For all the protection on signups, like Captcha, all the hackers do is humanly create a profile, and then hand it over to their bot gatherers to get the data. 

Facebook recently admitted that the fake profiles ran into millions on their service... think about it!

Stay safe!

---------------------------------------------------------------------------   

Views expressed in this blog are those of the author and do not necessarily represent the views of any employer or professional body that Mark C Stafford is employed by or a member of.

要查看或添加评论,请登录

Mark Stafford的更多文章

  • The Great "AI" Scam

    The Great "AI" Scam

    "Oh Here you go again Stafford, you're hating on AI". Well no, well, maybe.

    14 条评论
  • Cyber Security Predictions 2021

    Cyber Security Predictions 2021

    This is something I do annually but may have missed a few years (like 2021). I make “cyber security predictions” for…

    3 条评论
  • Is Your Red, My Red?

    Is Your Red, My Red?

    There is a moment when a child, or adult, asks if the red they see is the same as the red someone else sees. It’s a…

  • Cyber Predictions for 2020

    Cyber Predictions for 2020

    Herein is my usual cyber predictions for 2020. Its a serious, but also somewhat philosophical looks at threats, risks…

    1 条评论
  • Cyber Security Predictions for 2019

    Cyber Security Predictions for 2019

    The Alternative Viewpoint Those of you who follow me on LinkedIn will know that last year I gave a rather different…

    3 条评论
  • Cyber Predictions 2018

    Cyber Predictions 2018

    There are a lot of these prediction type articles and blogs around, and most of them tend to be quite predictable! The…

  • Diversity Champion

    Diversity Champion

    Diversity is something that has made the human race what it is. It has allowed us to solve great problems, survive…

    3 条评论
  • Borderless

    Borderless

    One of the most clichéd statements in cyber security today is "there is no perimeter". And its true to a point, the…

    3 条评论
  • The Death of the CISO

    The Death of the CISO

    In the natural world, there is a natural evolution whereby in the current environment particular species adapt or die…

    2 条评论
  • The Radar

    The Radar

    Living in Texas can be hazardous, one for a newbie to the state, and the country, is not exactly in the tourist…

社区洞察

其他会员也浏览了