Keeping Safe Online: You Share a Shocking Amount of Personal Information Online. Here's How to Stop.
The uses of open-source intelligence for the normal, everyday person
As you wake up, your phone flashes with several notifications:
You have time to keep your policy from canceling! Your
auto policy is scheduled to cancel. Simply log in online and
make a payment.
Dear Paypal Customer,
Your account access has been limited, You have 24 hours
to solve the problem or your account will be permanently
deleted. Confirm your information.
Targeted Ad: Do you need the brand new weighted blanket
you were looking at yesterday? It helps with anxiety!
Cheap and affordable!
Hello, this is Alex. I think you accidentally blocked me on
everything!!! haha I found your Whatsapp and wanted to
check in!
Caution: Phishing! Identity Theft! Cyber Stalking!
You're tired and about to make a mistake that will cost you.
As emails, advertisements, and unwanted messages that are intrusive, unwanted, or harmful continue to enter our inboxes everyday on mass, many of you accept every checkbox asking for your data, leave your profiles on public, link your profiles on everything, use the same username across platforms, and share everything you're doing and everything you are thinking everywhere that you are doing it. Even if you know not to click unverified email and text links, it can be very difficult to dodge all of these attacks.
Whether you are doing one or many of these one thing is clear: you have a poor sense of operational security.
The term may sound sophisticated, but it is actually quite simple: Operational Security (usually shortened to OPSEC) is a security and risk management process that helps prevent your sensitive information from getting into the wrong hands. There are many ways that you consciously and unconsciously share your information online, making you an easier
target for scammers, hackers, unwanted old-friends, and creepily knowledgeable advertising agencies. But, first and foremost, we should probably figure out just how much other people know about you!
For this cause, I will introduce another scary term: Open-Source Intelligence (or OSINT). When a person (or team) analyzes significant information that is publicly available, OSINT is the resulting product.
Because anyone with internet access can remotely access the lives of billions of other people, OSINT has become a rather powerful tool to learn about someone else. It can be as complex as the likely location of a terrorist and as simple as the phone number you found on Facebook of that old high school friend you lost touch with.
It is important for your operational security that you find what information you are sharing and reduce it where you can.
If you go on your online profiles what information do you see? Do you have old profiles that have more information on them than you realize? Can the information that you share on multiple profiles be collected and used together against you?
Finding your Weaknesses
As an individual, OSINT is the perfect means to figure out where you’re vulnerable!
Especially in multiples, you should consider these points of personal identifying information and traits that you might be sharing publicly:
● Your Name: a full name, maiden name, aliases (such as a username that you use), and social media profiles
● Your date or place of birth
● Your religion, personal interests, and hobbies
● Passwords
● Information leaked about you in data breaches/data dumps/and pastes
● Devices and the Operating System that you use
● Personal identification numbers: a passport number, driver’s license number, work identification number, badge numbers, or financial account number
● Information that friends, colleagues, and family members share about you on their profiles
● Personal address information: a street address, location data, geographical data, posts that share future or current movement, or an email or mailing address
● Personal and business telephone numbers
● Personal characteristics: photographic images (usually your face or other identifying characteristics), fingerprints, or handwriting
● Biometric data: eye scans, voice signatures, your race, or facial geometry
● Information identifying personal property: a VIN or title number
● Employment, Medical, Education, and other Financial information
● Asset information: an IP or MAC address (what is used to uniquely identify your computer) that links to a particular person
Each piece of information on this list, shared on social media, dating profiles, and online posts can be used to better understand and target you.
If someone wants you to click a link that downloads a Virus, they can increase their chances of scamming you by learning more about you and tailoring the scam based on what information they know.
If they want to steal your identity, they can use one or two of these points to contact companies, friends, or government agencies to gather more information that they can use. With the name of your school, your mother’s maiden name, or your pet, a malicious actor can use a password reset security question to access your account.
If they want to steal money from you, they can use the information you provide them to understand your preferences and experiences, making it easier for them to convince you to give them more information or to pay them money. Romance scams, for example, in which a person creates the illusion of a romantic or close relationship to steal from a victim, are empowered by details that you share online that can cue a malicious actor that you are vulnerable and provide to them the information needed to gain your trust.
If they want to find you or stalk you, they can use the pictures that you post and the comments that you write. If that is not enough, they can use several of these information points to snowball enough information to locate you like the person who wants to steal your identity.
Responding to these Risks
After looking at your profiles, you may begin to see that you share a lot more than you realized. The more points that you have, the greater the net a malicious actor can use to catch you. You must also understand that, on the internet your digital identity is an accumulation of everything that has ever been disclosed about you.
How, then, should someone lower their risk of being attacked? In the digital age, it is almost impossible to remove all of this information. You can, however, take easy steps to reduce your footprint.
Step One: Denying Access
The first step is to deny these malicious actors of your data. By adjusting the privacy settings of your account, you can prevent the majority of people from collecting your private information.
Step Two: Take Control of your Posts
Next, you can choose to control your privacy when you post. If your whole profile isn’t private, you can still manage the privacy status of your status updates, photos, and information through your settings. Don’t share information online that can be used to target you like when you leave the house to go to work or how much money you earn.
Step Three: Change the Way you Connect
Then, you can change how and who you connect with by limiting your posts to people that you know. Make sure that the websites you buy from have a secure connection and do not friend strangers.
Step Four: Damage Control
After those steps, check if you have been doxxed (when your private information is documented and dumped online) or have had your account breached. Check websites like Have I been Pwned. If you are a public figure, consider looking at Kiwi Farms for a profile on you. Search your name on search engines to see if anyone has posted information about you. Check with a Credit Bureau to see if someone has stolen your identity and is using it to steal money.
Step Five: Finding the Weakest Link
You are not the only person sharing your information online. Examine your timeline and tagging. Who is and has tagged you? Do you tag other people in your posts? What happens when friends tag you or your content and post on your timeline?
Step Six: Resist Corporate Information Sharing
Frequently review Ads, Apps and Websites. Inspect what information you are willing to share with applications, games and websites. Consider opening Google’s Ad Center and seeing the profile they have made about you.
Step Seven: Tying Loose Ends
Finally, limit the audience for past posts. Consider scrubbing old accounts of information you don’t want out there. Request archives to remove your data from their websites. Ask collection companies and data brokers like TruePeopleSearch to stop tracking you by opting out. Manage your past post visibility. Block People and Apps that may try to access information you do not want them to.
Finding a Balance
Deciding to take ownership of your presence online can be overwhelming at first, but by taking those first steps you can save yourself hours, days, and maybe even years worth of frustration and loss. Any of these steps in any order can increase your online security. By becoming better at Operational Security through OSINT, you can better protect yourself and those you love from this digital age’s new, invasive generation of cyber-criminals and corporations.
