…when the good things in life aren’t really free.
There is an ongoing misconception that the internet is a relatively safe place, and that our online presence is meant to mask our identity or offer a different persona than who we are. With internet fast allowing for seamless inter-connectivity among governments, businesses and individuals, there are probably more information about us circulating in the web than what we keep in our wallets.
This is a dilemma that sprang ever since mankind managed to develop technology around information. On one hand is a problem of diminishing that level of trust befitting the information when more data is inter-connected with different systems; and on the other is the problem of identity theft much as we’d like to believe we are insignificant in the continuously evolving world we live in.
For one, we cannot deny that technology is enveloping us, even to the minute layer as our own most information; and there is no way to unsubscribe from it. Think of passbooks, ATM cards, e-passports, census papers, driver’s licenses or company ID – anywhere the ubiquitous barcode or QR Code is placed and anything that our signature, PIN, fingerprint or iris image may unlock.
But are we doing enough to protect our information? Or are there human factors or behaviors that may sub-consciously betray what I refer to as the web of trust; not only our own, but that of other people, from the many information about them that may be derived from us? We have often heard the adage, “the best things in life are free.” But are they really? Or at what cost? Among the factors that may erode the web of trust and eventually lead to social engineering are:
- Free Lunch/Dinner.
Have you ever noticed how many unsolicited calls come after getting invited to a free lunch or dinner, usually in a five-star hotel, ostensibly to sit-in for a short video presentation of a resort or hotel timeshare, with “no commitments”? Of course, they normally ask you for the specifics: full name, address, contact number, work details, income, family members. In case you have not noticed, the promoters of these free lunches are not the resorts themselves but third-party marketers who are more than willing to sell your information to other businesses. Sometimes, no matter how hungry you are, it pays (pardon the pun) to buy your own lunch/dinner.
- Free Wi-fi.
This has become ubiquitous especially in coffee shops, airport terminals, malls and hotels. It often extends to people’s homes whenever somebody drops by for a visit, where kidding aside, the next phrase that now comes after “Hello, how are you?” is “What’s the wi-fi password?” There is strong temptation not to pass on this very welcome offer to quench our ever-growing thirst for connectivity. Keep in mind that these free wi-fi are essentially open and unsecured networks where data could easily be hijacked by a tech-savvy operator, and information stolen under our very noses. Never underestimate the capability of the darknet criminals; some even broadcast a fake wi-fi service signal to trick you into connecting to their system where they see everything including your keystrokes and whatever appears on your screen. If you must use any of these free wi-fi, use a virtual private network (VPN) service — again it may be worth to invest — that encrypts the traffic passing through the network. That way, your data will basically be useless in the hands of unauthorized people. With that said, never ever do your banking chores while connected to such free wi-fi without the cloak that a VPN offers, or you may end up cash-strapped to pay for that cup of coffee.
- Free Data.
We must ask: whom is the free data for? It’s either for you or for the deceitful lurking around. Facebook has been such a blessing in providing a free platform for self-expression and nurturing our interpersonal relationships that may explain its popularity and success. With that said, never allow yourself to be the weakest link in the web of trust among your peers and friends. Criminals may never intend to steal from you in the first place, but that successful entrepreneur in your friends’ list may just be a likely victim, with you as unsuspecting conduit. Among the best practices employed to keep your online data safe are: a) Don’t publish all your names — your middle name is often used for authentication, since it usually is the one that sets you apart from other similar names. b) Don’t publish your full birthdate — month and day are often enough for everyone to remember to greet you on your special day; adding the year makes it a personally-identifiable artifact. c) Never publish your address — either in your profile or as a reply to a status update asking about a party you are hosting. d) Avoid checking-in to a location at the very same time as your travel, riding on the “at the moment” trend; it would be better to do the check-in hours after you left the place to prevent unscrupulous individuals tailing you or staging a chance encounter. e) Hide your friends’ list — social media should not be a popularity contest as to the most number of friends in the same manner as the old Friendster may have been for the hippy folks. Facebook allows like-minded individuals to see mutual connections; beyond that merely courts disaster.
Identity theft may not be a prevalent theme in less developed economies, but that does not totally remove them from the equation as a possible source of information that may be sold elsewhere. It is a serious crime that can have damaging and far-reaching effects, and may be difficult to recover from without distressing the victims both financially, emotionally, and much worse, put a negative dent on an individual’s reputation that may last a lifetime.
I agree that most valuable things in life don’t cost any money, or to be more precise, are worth more than anything money can buy – and that gives you even more reason to protect them.
Web of Trust – a concept in cryptography to establish the authenticity of a binding relationship between a public information and its owner. In social networks, this can also refer to the “circle of influence” where networks can grow in size but may also compromise persons’ anonymity especially when connections are derived for social engineering.
Social Engineering — in the context of information security, it is a pretext to an attack that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.