Carol Ribeiro

The Hidden Online Danger

Some actions you do online may seem harmless but can be more dangerous than you think.

In this hyper-connected digital world, it’s not uncommon for online users to share highly personal information without giving it a second thought. Here are 3 main things you should look out for when using the internet if you want to protect yourself from phishing scams, identity theft and other cybercrimes.


Social Media Quizzes

Social media quizzes and surveys seem innocent enough to fill in, and millions of people take them every day, thinking they are just about discovering their spirit animal or the country that best fits their personality based on 5 questions.

However, experts say that right now your information could exist on a database that has your name, your address and all of your shopping habits. The more quizzes you take, the more third parties know about you. Maybe you combined your mother’s maiden name with the color of your first car to find out that, if you were a street racer, you’d go by the name of Fitzpatrick Gold. Answers like these could grant those third parties access to your accounts, where they can steal your information, and some of these games take things even further. Hackers also create deceptively innocent surveys to goad people into posting the answers to their password security questions, such as “What was your first pet’s name?” or “What was your first car?”

We’ve seen it happen before: A data mining company creates a fun personality quiz on social media for the sole purpose of tricking people into handing over their personal information—even their private messages, in some cases.

Unfortunately, it's no coincidence that a lot of the information they request is the same information used to answer the security questions websites ask when you set up an account. These questions can act as a fallback if you forget your password or get locked out. But if someone else answers these questions correctly, they can change your password and take control of your account.

What if I’ve already shared my information?

If you’ve already participated in one of these social media games, you’re not alone. The good news is that you can take steps to remove the posts and change the answers to your security questions. If you’ve shared a post on Facebook or Twitter that contains this type of information, it’s a good idea to delete it. This also protects any friends or family members who added their information to the comments. Afterwards, you need to change the answers to any security questions that you may have shared publicly.


Open Inactive Accounts

If you’ve ever abandoned an email or social network but never got around to deleting your account, you could be leaving yourself and your company vulnerable to hackers. These so-called zombie accounts are easy targets because they aren’t closely monitored. If hackers manage to break into your account, they could gain access to a slew of sensitive information. Hackers, much like robbers, often look for the easiest and quietest way in: through user and service accounts that are no longer in use, for example. Plus, if you or your employees have used the same password on other sites, those accounts are now also at risk.

This basic security step is often overlooked. Whether it’s a result of an employee leaving or changing positions, if organizations don’t take the necessary steps to close these entry points, they will end up with a vector for attack. Most organizations focus on protecting current users, but ghost users are a huge and often overlooked threat. If the IT team isn’t notified, “ghost” users can lie dormant, yet still retain access to systems and data.

The threats posed by stale users can often be mitigated just by improving communication between your IT team and other departments. IT can implement permission changes and account closure, but only if they receive information from other departments, such as human resources, who can flag when an employee leaves.

From a hacker’s perspective, it’s relatively easy to find inactive accounts to target: a quick search on LinkedIn or Twitter, for example, could reveal who’s recently left a company. Now imagine what could happen if hackers found their way into the account of a senior-level staff member (someone who has left the company or changed roles) with access to a wide range of sensitive information across the organization. The hacker could use this account to gain access to valuable intellectual property, personally identifiable information and financial documentation, just to name a few.


Using Public Wi-Fi

Public Wi-Fi can be found in popular public places like airports, coffee shops, malls, restaurants, and hotels — and it allows you to access the Internet for free. These “hotspots” are so widespread and common that people frequently connect to them without thinking twice. While business owners may believe they’re providing a valuable service to their customers, chances are the security on these networks is lax or nonexistent.

To better visualize this kind of situation, imagine that you are at a bus station or at your favorite cafe and you decide to log into an open Wi-Fi network. Your device’s monthly data has run out, and you desperately need to check your email and possibly pay some bills. The problem is that an open Wi-Fi network can be fraudulent or easily accessed by others, so your activity can be tracked, and your personal and professional information can be stolen.

Whenever possible, check with a staff member to figure out which Wi-Fi network is genuine, and never check your bank account or log onto a website containing sensitive data if you’re not using a secure, password-protected network, even if the sites are encrypted with HTTPS.


Take care of your information, and don’t take risks with inactive accounts, open Wi-Fi and social media quizzes. Seemingly harmless interactions like those can cost you and your company a great deal of time, money and assets. If you have done any of the actions mentioned above, check if you have an account that has been compromised in a data breach: https://haveibeenpwned.com/.

