With the Internet, our lives are more integrated than ever before: we communicate with friends online; we read and learn online; we pay our bills and shop online. But the convenience of Internet services comes with a price—nothing we do is completely private.
By now it’s hardly a secret to anyone that adtech companies collect your personal information. This includes all your social media activity, search entries, heat maps of how you navigate and view sites, and much more.
Why do they do it?
They earn money by selling information about you and what you like to anyone looking to sell something—brands, publishers, advertisers etc. Your personal data is their merchandise. If this infringement of online privacy concerns you, there are many tips on protecting online data. However, if you’re generally fine with the idea of your data being traded, consider the implications of this situation for the security of your personal information.
The Most Common Security Threats You Can Come Across
Online Danger: Data Breach
A data breach happens when certain parties gain unsolicited access to people’s personal data, usually with malevolent intent, and typically through hacking the systems of a company which has been aggregating these data. The perfect cautionary story here is the recent Equifax scandal when hackers gained access to the Equifax system for 80 days. As a result, the personal information of more than 143 million of Americans was available to them. Such stolen information can be used to ruin a victim’s credit history, file fraudulent tax reports, and illegally transfer money from bank accounts.
From January 2005 to September 2017, over 907 million records have been exposed in more than 8000 attacks.
So, what should be your response be if you face a data breach?
- First, find out what kind of personal information was leaked.
- If it’s your login credentials, just change your username and password for a compromised site. Never ever should you use one password for multiple services or sites. But if you did use the same password, be sure to update it everywhere.
- If your financial information was compromised, call the your bank’s support, ask to block your card, and request a new one.
- If your SSN was stolen, as in case with Equifax clients, you should actively monitor your identity. If the breached company is offering identity theft protection or credit monitoring, sign up for it. [1]
Online Danger: Malvertising
Malvertising is a kind of malicious advertising, which makes the ad itself ‘infected’ with harmful scripts or codes which then put your computer in danger. It is usually well-concealed, and a simple click can bring about a range of cyber threats from banking trojans to ransomware.
Here are some basic cautionary measures to take:
- Keep systems and software updated because the outdated software is more likely to have vulnerabilities.
- Train yourself to recognize fraudulent content as well as have some basic understanding of what safe browsing is.
- Use a reliable ad blocker for blocking malicious advertising.
Online Danger: Data-tracking
Data-tracking is how companies study you for commercial purposes—monitoring every action on various sites. Combined with demographic insights and browsing habits analysis, companies empower their behavioral targeting technology and data-driven advertising.
Basically, it helps them sell things to you.
Behavioral targeting is a method of targeting ads at users based on their browsing patterns, including which sites they visit, their searches, purchases, etc. What’s wrong with that? During a browsing session, cookie files are stored by the browser to help sites ‘recognize’ you. If that sounds harmless enough, here’s the trick: most websites will also give that access to third-party cookies set by various ad networks.
For a sense of scale, a simple cooking website showed 54 trackers loaded from its main page.
An overwhelming majority of the trackers are coming from third-party sites, and users are usually not explicitly notified of their presence.
Recommended for You
Webcast, October 19th: Triple Your Revenue Through Event Marketing
If you don’t want to trust the benevolence of such tracking, try the following:
Online Danger: Phishing
Phishing is a scam aimed at obtaining personal information by pretending to be a trustworthy party and engaging the victim in a fraudulent communication where usernames, credit card details, passwords and other sensitive information are ‘fished out’ of the victim. It often appears as emails, invoice messages, or instant messages from social media sites, banks, IT administrators, or payment processors—all redirecting to a fake website where the victim is supposed to enter their personal information or ‘contract’ malware. Phishing is extremely widespread.
According to Verizon’s 2017 Data Breach Investigations Report, two-thirds of all malware was spread via email attachments in 2016.
Staying alert at all times and being careful about opening unknown or unexpected documents are the basics of phishing-awareness. Additionally:
- Treat unknown emails with suspicion, especially those having subjects which are urging you to open them ASAP.
- Some phishing can be executed from the macros-embedded malware, so make sure to turn off Microsoft Office’s automatic macros execution for downloaded attachments.
- Avoid publishing sensitive and/or work-related information on social media.
- Try to enter login credentials only on HTTPS-protected sites.
- Consider using dedicated anti-phishing tools or antiviruses which have these kinds of functions.
- Keep your antivirus updated with the latest virus database.
- Consider implementing two-step verification for most services, including Dropbox and Google.
- Check with anti-phishing websites which publish the exact texts of messages which have been recently used in phishing scams.
Online Danger: Doxxing
Doxxing occurs when private, personally identifiable information is broadcasted to the public, often with the purposes of extortion, harassment, or online shaming.
Hackers can get your personal information from:
- Social media: your photos, geolocation tags, events you visit, which can tell them more about your home address, your university, or job.
- File metadata: find any MS Office file in your Gmail and check its preferences. You’ll see information about who made the file, the date it was created, and from what computer. Images have the same profile—photo resolution, the time the photo was taken, and the location.
- IP address: even you can identify any IP address with tools called IP loggers. For hackers, it takes minutes.
- Packet sniffing: a hacker will intercept the traffic between your Router and PC to spy on you and capture data like your email, passwords, credit card credentials, and more.
How to protect your physical and digital identity from doxxing:
- Use a VPN to protect your IP address and encrypt your data and Internet traffic.
- Use a tool to prevent websites from tracking your activity.
- Be cautious of the information you post, the photos you upload, and who you friend on social media sites. Here are the ways to adjust your security settings in social media.
- If you have a blog or website, remove your personal information from WHOIS (a public database of registered websites, which includes data like your name, street address, phone numbers).
- Delete your accounts from websites and apps you haven’t using for more than 6 months.
The common ground for all types of online privacy threats is that ignoring them is not a solution. If you avoid educating yourself and taking at least basic cautionary measures, your chances of being affected by this type of crime are growing every year with cyber-crime becoming ever more widespread.
[1] https://privacypolicies.com/blog/personal-data-breach/