Your digital footprint is an accumulation of all your online activity: publishing, commenting, sharing, browsing the internet, online shopping, sending emails, etc. Consider it a normal footprint, an impression left in the sand or a track from walking through a puddle. It’s the same online.
The collection of this publicly available information is known as open-source intelligence (OSINT) gathering, and it’s paramount that businesses and their employees are aware of how this information can be used by social engineers and hackers.
OSINT techniques can be used to guess passwords and crack security questions to gain access to accounts and sensitive data. Whatever information is made available, think whether it’s used in a password. Have you got your university public on your LinkedIn page? Is the university and graduation year a password? Is your degree the answer to a security question?
LinkedIn company pages and employee lists can be utilised for username enumeration with the aim of gaining a foothold into company networks or systems. It can be possible for social engineers to scout social media pages and feed the information through automated scripts to generate a list of potential passwords and link them to collected usernames.
Nowadays, with the advancement of machine learning, it can be used to help break the veil of anonymity online. A disgruntled staff member may be slandering a company online using an anonymous/throwaway account. As more of an investigative tool, machine learning can be used to scan chunks of text for idiosyncrasies and writing style and compare it to legitimate accounts.
Nowadays, it’s rare to find someone with zero social media presence since social media and the Internet have become such an integral part of our day-to-day lives. Remember, the next time you post a picture online, consider whether that information, and other hidden information, can be collected and used to gain access to your personal information.
Cleaning it Up
Unsubscribe from mailing lists: check what unnecessary email you’re receiving and unsubscribe if they’re from a mailing list, this reduces threats from attacking subscriptions.
On social media: change your habits. Do you post images of your holiday while on your holiday? This tells criminals you’re not at home. Think about your posts: are you okay with anyone seeing any of your content?
Clear caches/cookies: cookies save your website activity for next use, so it’s important to clean them up every so often.
Adjust your privacy settings: this limits who can and can’t see your posts and activities on websites. Ensure to change them all on all your social media platforms.
Curate your online presence: go back through your old accounts and delete whatever you no longer use. Is there an online store you haven’t bought from in years? Log back in and deactivate your account.
For further information, or if you have any questions about your privacy, contact ISD Cyber at enquiries@ISDCyber.com.