We share a large part of our lives on social media 🤳. Sometimes a little too much. That may sound like an open invitation for hackers. This method of data collection is also referred to as Open Source Intelligence (OSINT), which can be used in a cyber attack.
People often post pictures of their passport, driver’s licence and concert tickets on social media. You might think gosh, that’s pretty dumb, and you’d be right. It still happens a lot, though 🤦. The barcode on your concert ticket can be used by anyone, and with a picture of your passport or driver’s license, someone could open a loan in your name.
So be cautious of what you do and post on social media. Do you have an annoying ex who’s keeping tabs on you? Don’t post on social media about where you are at any given time. Waiting for something you ordered online 📦? A hacker could call you, acting as an employee of the web shop in question, to ‘check your information’. It’s mostly a matter of realising what the risks are to you.
Many companies only require a name, date of birth and address to verify that you are who you say you are. This information is easily found online. People celebrate their birthdays 🎈 on social media and indirectly say where they live, by posting an Instagram picture of their new home 🏠, for example.
Using this method, one hacker has already managed to fool a telecom provider into registering someone else’s phone number to his name. This also granted him access to the victim’s WhatsApp messages. This method of hacking is also known as social engineering; a form of cyber attack that requires manipulation.
The answers to your secret questions can often be found online too. It might be the name of your first pet 🐱 or your mother’s birthplace. Be aware of this fact.
What does a hacker do when they want to collect information about a target? That’s right: google the target’s name. Google yourself regularly to know what personal information is available for anyone to see. You could, for instance, set up a notification that emails you every time your name comes up in Google. In some cases, it’s even possible to have information removed from the search engine.
We post a lot on social media. That’s why it may be wise to set your profiles to private. Do you share a lot of your private life on Facebook and Instagram? Then set your Facebook profile to private (click here to see what that would look like to anyone who isn’t your friend) and lock your Instagram account🔒, requiring users to ask for your permission if they want to follow you. The same goes for Snapchat.
Twitter is a different story altogether. A lot of users use Twitter to reach as many people as they can. If you have a public Twitter profile, pay extra attention to what you post, from your location to your private information. And log out of Twitter when necessary — especially when you’re using a public computer or a friend’s laptop.
Google Alerts lets you monitor 👀 online content. Enter your own name as a keyword and you’ll know exactly when your name gets mentioned on any website. You can also monitor more sensitive information, like your home address, e-mail address or phone number. If a website publishes this information for whatever reason, you’ll know right away and can subsequently choose to take action.
It’s definitely possible to create a safe digital copy of your passport, driver’s licence 🚗 or any other form of identification. The Dutch government even released an app to help you do just that. It’s called KopieID(CopyID). The app allows you to redact sensitive information, like your Citizen Service Number or Social Security Number. You can add a watermark, describing the purpose of the copy, such as copy for
stay at hotel name on date such and such. Don’t worry: the important parts of the app are in English.
Are you aware of all the devices you have used to access your accounts? And did you remember to log out when you stopped using certain devices, like a friend’s tablet or a public computer? To be sure, check the overview of active sessionswhich Google, Facebook and WhatsApp - among others - provide, and deactivate the ones you don’t recognise.
Many companies offer the option to go over your security settings, like Google, Facebook and Twitter. You can see on which devices you are logged in, and which other services have access to your information. If you check your security settings regularly, you’ll usually come across a device or service that doesn’t require access 🛑 to your account anymore.