Hyderabad: Personal information of netizens uploaded on social media like full name, date of birth and personal mobile number are becoming tools for hackers to breach bank accounts. Many security firms are concerned with the behaviour of netizens revealing personal information in social media which is unsafe.
In a recent study conducted across 14 countries to better understand netizens’ digital behaviour, done by Intel Security, it was revealed that Indians were most willing to share personal information despite knowing the risks. In most of the cases related to cybercrimes and illegal money transfers from netizens’ accounts, hackers obtained details from the victims’ social media profiles.
Senior Vice-President (India Operations) of Sophos, a cybersecurity solution firm, Mr Hemul Patel, said that social media was becoming favoured playground for online crooks to hunt down targets. “The use of social media to pull off scams has quadrupled over the last five years, according to the FBI’s Internet Crime Complaint Centre’s (IC3) annual report on Internet crime, most cases involving exploitation of personal information through compromised accounts or social engineering. Two common ways used by crooks to trap the victims are click jacking and doxing,” he said.
An official from Hyderabad city cybercrime wing said that hackers can obtain PAN number if they have one’s full name, date of birth and mobile number from the income tax website.
“With the help of these details, hackers are approaching mobile phone operators and submitting necessary details for SIM card swapping or the generation of new SIM card. All these will lead to allowing the hacker to change password from ‘forgot password’ section. Online banking will come within the grasp of the cybercriminal and he can transfer money or be able to obtain instant debit card from nearest branches of the respective bank,” the official said. Adopting similar modus operandi, cyber criminals from Delhi breached a senior citizen’s account and stole Rs 37,000.
Avoid same passwords for all a/cs
Always use different password for different sites. A common passwords is a skeleton key that unlocks all our accounts. Hackers can get into social media accounts to embarrass us, get access to our contacts, commit identity theft, and drain our bank accounts.
Regardless of how tempting it is to click on a links like “watch a zookeeper being eaten by a giant snake!” don’t do it if you are not sure. If you notice a scam, remove it and report to Facebook or whatever site it’s on. Keep reviewing the email address linked to your Facebook account, and frequently check it. Enable Facebook Login Alerts.
Even if someone does socially engineer their way into your account, when they log in, they’re likely to be in a different location to you. This unusual activity will trigger an alert to your account, allowing you to take corrective action, quickly.
Apps track your location and include it with your post. Turn off location sharing on the phone.
How personal data is being stolen
Clickjacking: This involves hiding hyperlinks beneath legitimate, clickable content that, when clicked, can lead to malware downloaded onto victims’ computers and can cause victims to unwittingly send personal information to a fraudster’s site. These involve rigged “Like” and “Share” buttons on social networking sites.
