Anyone who uses banking and financial services, social media, mobile apps or has retail accounts has shared their personal information far and wide across digital systems. Preventing identity theft and protecting yourself against scams has become more difficult in this new environment.
It is virtually impossible to avoid having personal data circulating in the digital realm.
Social media and messaging platforms, web browsers and mobile apps already have access to vast amounts of data about each user. You can choose not to use social media or digital tools to avoid this, but it is not very practical to do so, and would exclude you from some of the modern digital conveniences. Even if you did so, your data would still reside in the digital realm through banking accounts, utilities, loans and more. As we saw in high profile hacks like the TransUnion breach, there is no guarantee that your information is safe with major enterprises like these either.
A report by Clario entitled the Big Brother Brands report noted that brands can collect data including your name, date of birth and email address, through to your weight and height, pets, hobbies and preferences. Brands you do business with may also have access to your payment information, bank card details, geographic location and movements, purchasing history, family contacts and more.
The report ranked Facebook and Instagram as brands with the most information about users, including face, environment and product recognition, contacts, voice data recognition, access to your image library and language. But other brands like Google, Uber, TikTok, Spotify and Twitter also have access to vast amounts of data about users.
This data is generally gathered to make apps and services more efficient and relevant, or to tailor marketing. But in the wrong hands, this data makes people very vulnerable. Because our personal information is such a hot commodity, we need to be even more vigilant about how it could be used for identity theft, or to defraud us through phishing. It is important to remember that social engineering is much easier if an adversary has a great deal of background information about you: for example, you might believe your bank is calling you if they know your ID number, account number, address and other personal details. You could then be tricked into sharing your one-time PIN and have money stolen as a result.
As an individual, you need to be aware that our information is being traded not only by marketers, but also by adversaries. We cannot control a large company being hacked, or if Facebook changes its terms and conditions, but we can protect ourselves by being mindful of the fact that people could be trying to trick us by using legitimate information against us.
I recommend basic precautionary measures such as not using the same password across multiple accounts, not clicking on suspicious links and never sharing your one-time PIN or banking PIN code with a caller. Consumers should also check their credit score and credit card statements frequently to pick up potential cases of identity theft or fraud.
- Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 Africa