When you use the internet, you leave a trail of data, a set of digital footprints, behind. These include your social media activities, web browsing behavior, health information, travel patterns, location maps, information about your mobile device use, photos, audio, and video. This data is collected, collated, stored, and analyzed by various organizations, from the big social media companies to app makers to data brokers. As you might imagine, your digital footprints put your privacy at risk, but they also affect cybersecurity.
As a cybersecurity researcher, I track the threat posed by digital footprints in cybersecurity. Hackers are able to use personal information gathered online to suss out answers to security challenge questions like “in what city did you meet your spouse?” or to hone phishing attacks by posing as a colleague or work associate. When phishing attacks are successful, they give the attackers access to networks and systems the victims are authorized to use.
Following footprints to better bait
Phishing attacks have doubled since early 2020. The success of phishing attacks depends on how authentic the contents of messages appear to the recipient. All phishing attacks require certain information about the targeted people, and this information can be obtained from their digital footprints.
Hackers can use freely available open-source intelligence gathering tools to discover the digital footprints of their targets. Or they can mine a target’s digital footprints, which can include audio and video, to extract information such as contacts, relationships, profession, career, likes, dislikes, interests, hobbies, travel, and frequented locations.
They can then use this information to craft phishing messages that appear more like legitimate messages coming from a trusted source. The attacker can deliver these personalized messages, spear-phishing emails, to the victim or compose as the victim and target the victim’s colleagues, friends, and family. Spear phishing attacks can fool even those who are trained to recognize phishing attacks.
One of the most…