A funnier story is that of a Pennsylvania man wanted for assault who shared his picture on Facebook – obtained from the police department’s website only moments after it was posted – which he accompanied by “LOL” (“laugh out loud” for any Luddites reading this) and other comments mostly consisting of deleted expletives. The police immediately noticed the re-posting, contacted him posing as a woman, and arranged to meet him for a cigarette. After hiding from the police for three months, the man engineered his own arrest within one hour after his gleeful use of Facebook.
There are hundreds of these stories. Although amusing, I can’t help but wonder what on earth these people are thinking. Or more accurately, are they thinking at all? But while these are obvious blunders, what about the more subtle disclosures that the average person makes every day? “I started my new job today at ABC. Thankfully I have only a 10 minute commute.” “City opened a great new dog park right next to my apartment. Great for that after work outing.” “Have to be in Dubuque again next week – only flight that gets me there for Monday meeting leaves Sunday at noon.”
Bits of information like this are communicated all the time, and seem innocent enough. But put them together with your professional bio on LinkedIn, photos of your house and dog on Instagram, cookies showing your shopping history…well, you get the picture. And so can others.
Among other things, the massive amount of data that we voluntarily disclose has enabled cybercriminals to refine their phishing scams. The once popular generic mass emails from the Nigerian prince or Swedish lottery have given way to the personal email from a bank, credit card company or neighbor. Using the personal information that is freely available, “spear phishers” are able to target individuals or shared-interest groups with personalized communications in an attempt to gain access to really valuable personal information, such as passwords, credit card numbers or even social security numbers.
If you’re curious about your own vulnerability, do a simple Google® search of your name and look at the “images” item that will show up near the top of the search results. I’m not a big social media user, so I found mostly a bunch of trademarks (I’m listed as the attorney of record in the publicly available records of the United States Patent and Trademark Office), sketches of fellow entreVIEW bloggers, photos of others at Gray Plant Mooty, and a bunch of things that mean nothing to me. There was also a picture of my mother (maybe from her obituary?) and a vacation picture of some friends that I simply cannot figure out how it was connected with me. Even with this limited information, someone could put a pretty good profile together for emails that might look legitimate to me.
So, think before you post, don’t “friend” anyone you don’t really know, never give up a password, and study that email address and message before you click on the hyperlink. Or just don’t click on the link at all.
Is it only a matter of time before we have Darwin Awards for social media postings, or is it something that already exists and I’ve just missed it?