Oversharing information can lead to disaster online

Steve Ragan | Oct. 25, 2013
Many of us trade personal convenience for security when it comes to using technology. Steve Ragan outlines how social engineers use key information to exploit victims with phishing campaigns and through other attack vectors.

Toby Goldberg from has additional solid advice to help keep your information private.

"Try to input as little of your real information as possible. Instead of writing in a forum or signing up for an e-newsletter with your official email address, create a separate account for these sorts of things. You should even create a nickname for yourself that you can identify with but that can't come back to you," he wrote.

When it comes to social media, Goldberg recommends locking your profile down on places like Facebook, and limiting the amount of personal information shared. Facebook, as CSO covered earlier, is making things easy for those with malicious intent, thanks to "improvements" to their Graph Search. The same policy for information limits and controls should apply to other public accounts such as Twitter, Reddit, Instagram, and Vine (be selective about who, where, and what you film).

Unfortunately, while you can control your privacy online to a certain degree, the process isn't easy, and public records almost assure that you'll never remove it all. This is why it's important to understand what you share, when you share it, and how. Passive sharing, such as what Tynan did, seems harmless at first. But little bits of information add up quickly, and that's what criminals use to fool you when they initiate phishing campaigns.

"People don't usually post sensitive information intentionally to blog sites or social media, although it has been reported users do so inadvertently or accidentally... Comparatively, many apps and services encourage users to allow access to their photos, location information and files to make life easier or to 'share more' with the world," ThreatSim's Hawthorn explained to CSO.

But when such oversharing happens, we asked, how could it be leveraged?

"I would exploit the leaked data and add little 'trust tokens' in my email to the target. I want to lower their defenses and make the leap from 'suspicious' to 'trusted' within the target's head. I would want them to subconsciously come to the conclusion that 'only someone legit would know this about me.'"

