Your Digital Footprint: It’s Bigger Than You Realise
Virtually everything concerning you exists online, whether you intentionally share it or not.
Each online interaction contributes to the vast pool of data, forming what is commonly referred to as your digital footprint.
Your digital footprint, a byproduct of your online engagement, becomes a gateway that potential attackers can exploit to target you. Furthermore, it serves as a pathway they may then use to target your organisation.
There are two types of digital footprint: conscious; and unconscious; both equally as dangerous.
Your conscious Digital Footprint is when you actively share personal information on social media platforms or create an online profile. Your conscious digital footprint is intentional, and it includes posts, comments, photos, and other content you knowingly contribute to the digital realm. For example, sharing an update about a new job on LinkedIn or posting a picture on Instagram from your holiday abroad. This information can be a goldmine for cyber attackers who are sat watching you to learn more information about you to spot vulnerabilities.
On the other hand, your unconscious Digital Footprint is the trail of data you leave behind without your direct input. Every website you visit, every online purchase you make, and even your location data contribute to this silent but substantial digital presence. Often, people underestimate or are completely unaware of the potential risks associated with this type of data accumulation.
Cyber attackers are experts at piecing together these seemingly insignificant bits of information to build a comprehensive profile about you.
From there, they will sit and wait until they spot a prime opportunity to exploit your vulnerabilities, whether it is through phishing attempts, identity theft, or other malicious activities.
It’s crucial in today’s interconnected world, with cybercrime growing in scale, that you protect yourself as much as possible.
Here is an example of how easy it would be for me to target you:
Firstly, I’ll identify you as a target due to your profession or position. I might start my search on LinkedIn where I’ll study your profile; noting your connections, interests, and even the profiles of those “People Also Viewed.” I’ll then start adding your connections, building a facade of mutual relationships.
Creating a fake profile, I’ll pose as a recruiter, complete with an AI-generated photograph. I’ll rapidly build up 500 connections in a few days, creating an illusion of credibility. I’ll then connect with you, start engaging and building your trust. Once I’ve built your trust, I’ll then make you a job offer, your curiosity might get the better of you and you’ll click on a malicious link to find out more.
If this doesn’t work, I’ll use your LinkedIn details to find out what your personal email address is. You may have disclosed it on your profile somewhere, it may be discoverable somewhere else online, or it has been leaked in third-party breached databases that have since been uploaded to the dark web.
With your personal email address in hand, I’ll check if your accounts have been part of any other data breaches – it’s quite likely they will have been. This will furnish me with breached passwords, usernames, mobile phones numbers, IP addresses and other sensitive information you did not realise was public. Now, armed with your past passwords, I’ll attempt to infiltrate your more secure accounts, like your work-related emails. I’ll quickly understand who your colleagues are and who I would need to target.
I’ll register a similar-looking domain, create a deceptive email address, and send seemingly legitimate emails to your colleagues with a fraudulent invoice with a payment request, for example. Eventually, someone will approve a transaction and I will line my pocket with the proceeds.
The above scenarios show just how simple it can be for someone to hack you and the different paths they may take.
It’s important that you think about what you are sharing online.
Ask yourself the questions:
- When did you last review your privacy settings on social media platforms?
- How often do you accept connection requests that you don’t know?
- Do you use a virtual private network (VPN) to mask your online activities, and encrypted communication channels, and regularly clear your browser cookies?
- Do you use a privacy screen on both your phone and laptop when you are out and about?
- Do you know which of your passwords have been leaked through data breaches and if so, have you changed these?
- Do you use a strong, unique password for every single different account you use?
Educating yourself about the potential risks and staying informed about cybersecurity best practices is crucial in today’s interconnected world.
Remember, the more you understand and control your digital footprint, the less of a target you will be.
Katie Barnett, Director of Cyber Security, Toro Solutions
If you are genuinely concerned about what someone could find out about you online, Toro conducts comprehensive digital footprint reviews complete with actionable recommendations to reduce your exposure. Please feel free to contact us at info@torosolutions.co.uk.