Hackers want to get to know you better — and it is not because they want to be your friend. Besides seeking basic information about you (e.g., name, email address, birthdate), they want to get details about your life, such as where you live and work, your hobbies, your pets’ names, and the names and birthdates of your family members.
Sometimes, cybercriminals get personal information by hacking into organizations’ sites. Other times, they do not have to work that hard. They simply check public databases (e.g., online phone directories) or social networking sites.
Cybercriminals often use personal information to hack into online accounts that use an email address and password as the login credentials. For example, if hackers know your email address, they might try to guess your password based on your personal information (e.g., child’s or pet’s name). Or, they might try to determine the answers to your security questions so that they can reset your password. For example, if you answered the question “What was your high school mascot?”, hackers could check Facebook or LinkedIn to see if you mentioned your high school. If you did, they could then do an Internet search to find out the school mascot.
In addition, cybercriminals sell personal information in underground cyber markets. The demand for it is extremely high, according to security experts. Buyers might use the personal information for spear phishing attacks or identity theft.
As an individual, there is little you can do to stop a cybercriminal from hacking into organizations’ databases or getting information from public databases. However, you can take measures to minimize how much personal information you reveal to the world, without becoming a social recluse:
- Do not share too much personal information on social networking sites.
- Consider limiting who can see your information or posts on social networking sites. For example, only share your Facebook posts with your friends on Facebook and not the public.
- Do not sign up for a new online service using Facebook or another social networking account. If you do so, the new online service can pull all the information about you from that site and use it to build a profile on you. As a result, all your personal information will be in two locations instead of one. It is better to manually sign up so that you can control what information the new service has.
- Do not voluntarily give personal information about yourself to organizations. Organizations often ask you to provide preference and demographic information when you sign up for an online service, request information, or even fill out warranty cards. If the information is not required, do not give it.
- Keep personal information out of emails, instant messages, texts, and all other types of online conversations. Even if you delete them, they are archived by the service provider. If cybercriminals hack into the archive, they will have that information.