Imagine you pick up the post after breakfast and find various invoices and reminders for things that you have never ordered. This is a classic case of identity theft, in which criminals buy products in your name.
Many of these scenarios, which we know from the analog world, often work even more easily online. People voluntarily disclose large amounts of personal data on social media platforms, where it is publicly shared, "liked" and forwarded. As a result, it has become easy to collect the information needed to successfully impersonate someone else.
The Cybersecurity Aspect
I know what your birthday is from your Facebook account, Instagram shows me where you were last on vacation and Twitter tells me what your political attitudes are. It is not only personal accounts that reveal a lot; company websites with employee profiles also contain plenty of interesting information. For example, an employee's role shows what rights and powers they might have in their company.
This kind of research is called Open Source Intelligence, or OSINT for short, and is part of social engineering, in which an attacker tries to get at company data by manipulating employees. The goal is to gain access to the company's internal network. OSINT helps the attacker to pose as an IT supporter and to convince an employee to grant access to their device. There are also simpler attack scenarios, such as an email purporting to come from the CEO, who would like to initiate a payment.
The Personal Aspect
It becomes much more dangerous when the attacker has actual access to your data. A short thought experiment: how many accounts would an attacker have access to if he had the password of your email account? Also consider where he could reset the passwords, for example if you are using several different ones.
How much damage can he cause if he has access to e-banking, Facebook, Instagram or other accounts?
Such login data are currently being sold on a large scale. If you want to test your email address, the "Have I Been Pwned?" website is a good start. Unfortunately, there is not much that you can do as a user against these publications. The best protection, apart from not having an account at all, is so-called two-factor authentication. Many people know this from e-banking, which additionally requires a code via SMS or photo to log in. But many social media websites also offer such methods.
What Can You Do About It?
One solution would be not to make the information public. Even though this is a good approach and everyone should handle their data very carefully, it only helps to a limited extent in the long term. The information can still be found. Much can be achieved through your own behavior and common sense. Always be critical if someone contacts you. It is best to check back through a second channel. Similar to two-factor authentication, you can contact people via other channels. This can be a WhatsApp message, a phone call or, best of all, a conversation in person.
A Few Principles for IT Support at First Frame Networkers
It can also happen that our identity is misused. So here are a few rules for our support services. We will ...
• never ask for your passwords, either on the phone or by email.
• never ask for remote access to server systems.
• never ask for remote access to your client system without a reference to a ticket you opened in advance.
If you are unsure whether a call from First Frame Networkers is legitimate, you can call back at any time, either to people you already know or via our back office.
Protect your data from identity theft by installing antivirus software.
