How the Hack-Marketeers target you!
Mark Stafford
Proven Cyber Security Excellence and Experience | Proven Business Success | Exceptional Person Green Card Holder
So we all know that big data is a big thing. It is used by the likes of Amazon, Google and Facebook, for example, to profile us all. They throw adverts at us during our online experience that seem to be getting more and more relevant to our internal "buy" button.
However, where there are these somewhat responsible companies, there are others that are now tapping into less guarded social media with fake profiles to gather other information about us that we thought was only important in the context of that particular online presence.
Why do they do this?
Well, it's simple! It fills in the gaps between one profile and another, and that makes it a lot more powerful from a targeting perspective, and therefore the data is very valuable to less, shall we say, responsible organizations.
The more you know about someone, the more you can market to them. In some cases you can exploit a human frailty, based on what you find and piece together.
I'll give a real simple example.
You probably have a profile here on LinkedIn. Of course you do, because you are reading this! It's not difficult to link that profile, with simple data points, to Facebook. You can hide some of your Facebook likes and groups, but does everyone do this? Friends lists and posts maybe, though if you hashtag something the data is there, because it’s a public post. Maybe it’s a story about your college, for example? Then they have that data point to link you to other profiles on other sites, where you have your name and your college in your "public" profile.
And those other sites could be anything from TripAdvisor reviews, through to Dating Sites.
Yes… even Dating sites!
People think they have some anonymity on these, but they are trawled for info on you, and that creates a profile for the hack-marketeers to exploit. It doesn't matter that you only give your first name or lie about your age (we know you do it); there will be enough snippets of information for them, with a small amount of AI, to piece it to your other social profiles.
So you enjoy travel and want to meet someone who likes the same? Great data point for the hack-marketeers, especially if you also frequent other travel sites. Piece together countries, phrases that connect where you like to travel and how, and even when!
And sadly we give this data away without much thought.
What is even worse is that these forensic techniques for piecing things together, which used to take days, now take seconds. There are several sites where, for a few dollars, you can type in someone's name and get back what the site thinks is all the relevant data on that person. Then human cognition can kick in and decide if the data is right or not. Win-win for these sites that do little work for their dollars.
So here's the issue… It’s a stalker's dream, let alone a hack-marketeer's bounty.
The protection on that data is minimal. It's easy to obtain with a few keystrokes of code. In fact, "screen scraping" data, as we used to call it, has been a legitimate way of integrating systems and data for years.
The question is what to do about it?
You can avoid being online, but that’s not realistic. What you actually need to do is think through the risk of what you have in your public profiles on all these sites. Or just accept there are hack-marketeers out there who will find you and try to exploit what they know beyond ordinary buying habits, to the point where they can actually profile the kind of person you are.
No matter what the online app provider or website says, data can be got from those sites relatively easily. So you decide whether you want it there or not.
Working in Cyber Security, it never ceases to amaze me how we trust an app with a profile of who we are that can be easily used. You don't even have to hack into the app. There is no need, because in signing up to use the app, we gave away the data to anyone who can use that app, including bots and AI.
For all the protection on signups, like CAPTCHA, all the hackers do is create a profile by hand, and then hand it over to their bot gatherers to get the data.
Facebook recently admitted that the fake profiles ran into millions on their service... think about it!
Stay safe!
---------------------------------------------------------------------------
Views expressed in this blog are those of the author and do not necessarily represent the views of any employer or professional body that Mark C Stafford is employed by or a member of.