We have read many articles and watched the news about hackers breaking into websites of unsuspecting corporations and small businesses more and more often. When that happens, tens of thousands of people are put at risk for identity theft when their metadata is stolen. What is metadata and how is it used? That is what this article is going to explain.
What Metadata Contains
Metadata is basically a trail of data that is spread out across a network. Every time someone goes shopping or buys a service (whether online or offline), their personal data is entered into a computer database. Metadata typically contains the person?s name, address, phone number, credit card number, email address and even personal or business bank account numbers.
Why a Cyber-Criminal Steals Metadata
Cyber-criminals can work alone or in a group to collect massive amounts of personal data, which they can use to:
- Extort a business
- Blackmail a business or individual
- Apply for fraudulent loans and credit cards under a person?s or business?s name
- Illegal money transferring
- Gain unauthorized access to personal online accounts, such as Amazon or Facebook
- For malicious enjoyment
- Revenge against a person or a business
The most well-known attacks involved Target, Ashley Madison, Yahoo and Adobe. Doctors? offices have also been targeted, exposing the medical records and personal data of their patients for the world to see. This has the potential to affect an individual?s health care coverage, which could prevent them from receiving care for serious illnesses or medical conditions. These attacks have the potential to destroy reputations, credit scores, and relationships. In the case of Ashley Madison, internet vigilantes used the stolen data to target users for extortion with the threat of public shaming on a global scale. Some were bullied into committing suicide, while others had their lives ruined from the exposure.
How a Cyber-Criminal Steals Metadata
There are many ways a hacker can obtain metadata illegally. The most common way is phishing or vishing attacks. An unsuspecting user receives a fraudulent email with the name of a reputable company and clicks on the link that they think will take them to the website to perform some type of action. Instead, they are taken to a fraudulent site, where they enter their username and password for the hacker to obtain. Another rising trend is ATM and store checkout kiosks. Hackers use heat-sensing technology to acquire the PIN numbers from unsuspecting customers as they withdraw money or pay for their groceries. Others use key logging software to record the passwords that workers use repeatedly. Since most people are creatures of habit, this is a very easy process for the hacker to undertake. Once the attacker obtains the password and metadata, they can use this information for whatever purpose they want. Experienced hackers may focus on businesses that rely on a large network. They will monitor the activity so that they can glean the patterns of the users. The second approach is more focused on a particular individual?s metadata activity, once the hacker learns the individual?s habits. Then they will start culling the data from multiple sources to produce a clear picture of that person?s vulnerabilities. Target experienced one of the largest attacks in the history of retail America on or before Black Friday of 2013. The thieves installed data-stealing code onto card-swipe machines at every store. Approximately 70 million customers had their data stolen and sold to underground marketplaces that holiday season.
Ways to Keep Your Personal Information Safe
While not foolproof, there are many ways that you can protect your metadata from getting stolen.
- Consider using a VPN service. These services not only cloak your presence online, but offer industry-leading procedures to protect your metadata from getting stolen. They are available for your computer, tablet and smartphones. Many of them offer family plans and low-cost subscription rates.
- Block those annoying ads that not only interrupt your browsing experience, but track your online activity like a creepy stalker. Both Firefox and Chrome offer ad-block extensions.
- Disable JavaScript. This not only blocks ads, but those annoying modal windows that beg you to share their site on your social media pages. It also turns off scripts that can leave you vulnerable to hackers and malware.
- Generate strong and unique passwords for every website you frequently shop or visit. There are plenty of apps available for your computer and devices that will help you generate and manage your passwords.
- If you don?t want another app clogging up your system, you can opt to change your passwords manually. Just don?t use the same password for every account. Use upper and lowercase letters, numbers and punctuation so that it isn?t as easy for the thief to figure out. Keep these written down somewhere in case you need them.
- When shopping offline, use cash or a gift card. If you have to rely on your ATM or credit card, check your balance at least once a week to make sure there are no suspicious transactions. Banks are typically good at alerting their customers about potential fraud, but they don?t always catch everything, especially when the thief knows your shopping habits.
- Also pay attention to the type of spam you receive. If you didn?t order car accessories and are receiving emails from places you?ve never heard of, then it?s possible that your metadata has been compromised somewhere. Probably when you signed up to receive a free report or a free course in your area(s) of interest.
- Check with the major credit agencies, such as Equifax to make sure no one has applied for loans and credit cards under your name.
Conclusion
Cyber-criminals have many ways in which to steal unsuspecting people?s metadata and use it for their own personal gain, whether it be financial or emotional. The risk of theft increases as technology continues to evolve. That doesn?t mean that people can?t be proactive in protecting their sensitive data against these attackers. There are many ways that they can proactively safeguard their information, both online and off.