Over the recent weeks, you’ve probably heard or seen reports of the data hack that happened on Facebook and LinkedIn, which exposed millions of users’ personal information online. Both Facebook and LinkedIn acknowledged the incident, however noting that the information was either publicly available or obtained were from previously reported data breaches.
Regardless of how it happened, the damage was done, and we’ve covered it in this article here explaining the incident. What’s certain is that these data breach incidents, which seem to be growing in frequency, have sparked concerns among social media users. How are cybercriminals able to gain access to our data? What techniques do they implement to capture our data?
To get answers, CSA reached out to Brad Gray, Senior Vice President APAC at Exclusive Networks, who outlined various cyber attack strategies that cybercriminals use to manipulate users.
Amid increased digital activities and new technologies adopted during COVID-19, scammers are also repackaging old tactics, like brand imitation, to lure unsuspecting victims.
“Instead of redirecting users with bad links to websites that look similar to well-known brands, QR codes, which have recently become a popular way for businesses like restaurants to engage with consumers, have become the new way of misleading people to fraudulent websites or download malware”, said Brad.
Advanced technologies like Artificial Intelligence (AI) and machine-learning, although they have many positive applications, these powerful tools have their pitfalls as well. They can be manipulated and used to scrape information on victims, track and engage with them, automate hacking and impersonate targets using speech synthesis, etc.
According to Brad, deep fakes, which leverage AI and machine-learning to create realistic simulations of individuals, are currently not a major source of concern. As the technology improves, however, the risks associated with them will increase and criminals could use them to target influential figures and trick unwitting victims into giving up confidential information.
Another technology that could potentially put individuals at risk is IoT devices. This technology is becoming much more prevalent in our daily lives and as a result, they have become potential targets for unwanted intrusion. Our domestic appliances, such as smart fridges and air-conditioning units that are connected to the internet can become data collection points for cyber attackers that can be easily exploited.
“Additionally, many of these IoT devices have not been designed with security in mind or are not installed with proper security procedures in place”, said Brad. “According to a Palo Alto Networks’ report, 98% of all IoT device traffic are unencrypted, exposing personal and confidential data on the network”.
This puts companies at risk, especially as employees connect their IoT-enabled applications to laptops and other devices that are indirectly or directly linked to business servers.
As mentioned earlier, social media users are now more concerned than ever with their data being leaked online. So, what kind of information are cybercriminals interested in? Publicly available personal particulars posted on social media platforms, such as a user’s contact details, location, and business activities can be scraped and analysed to profile victims and their behaviours.
“This is usually done in the reconnaissance phase to gather more information about targets, which can then be used to build a convincing impersonation and as part of phishing scams”, said Brad.
Other seemingly innocent social media posts on birthday celebrations could reveal important details such as date of birth or a pet’s or a child’s name. These are commonly used as verification details to services such as email or banking websites, and in the wrong hands, could give unintentional access to those with nefarious intent.
Hence, we need to be more aware of what we do online so that our data does not fall into the hands of cybercriminals. It is important to teach individuals to watch what they post and check what information is included in their pictures, especially for any personally identifiable information online such as names, home and email addresses, telephone numbers, dates of birth and other information relating to medical status and education, etc.
“With live updates available on platforms such as Instagram and Facebook, people inadvertently reveal more than they realise on their whereabouts or what they are doing. Even innocuous pictures of work from home setups can be misused. It could contain vital information on things like their running routes, the street they live on and the layout of their home”, explained Brad.