If you navigate around the internet, you’ll leave traces. Anyone who makes their Facebook timeline public and feeds the Silicon Valley giant with information on their age, favorite music/games/brands, etc. will end up leaving a digital footprint as big as Godzilla’s. You can read it clearly in the general terms and conditions: Facebook not only has the rights to all the images you upload onto the platform, but it can also sell public profile data on (i.e. like a digital dossier) to its partners. However, many users do not see this as a problem: after all, a quarter of those surveyed were happy to see personal advertising based on data evaluation. This makes searching for consumer goods a lot easier.
However, everyone should be aware that this could end up with your data falling into the hands of criminals. In addition, users are rarely aware of how far their data travels on the net. Even if you download an app, you often have the choice to allow the app access to certain information. This personal data is what makes social media users interesting for companies – sometimes you can earn real money by selling this information or at least tailoring advertising to the user.
Compared to this, personalized advertising is a relatively harmless use of personal data. When so-called social engineers get hold of your data, the threat is a lot bigger. They are modern-day con artists: social engineers deceive their victims to get their data or money. They use different methods to do this: as a rule, they adopt a false identity to gain the trust of their potential victim. Either they present themselves as someone from the authorities (e.g. someone from a bank or from the government) or they impersonate friends or relatives. They do this by hacking accounts and then writing to the contacts, for example.
Baiting is a special kind of social engineering: providers of supposedly free downloads ask for your account login information, which they then use to access your e-mail. Quid Pro Quo is a method whereby fraudsters pretend to offer certain services or information if the user follows their instructions or divulges technical data beforehand.
An example: if the con artist is pretending to be from an IT company that offers a quick fix for common bugs, they might ask the victim to turn off their firewall and install an update. This update then turns out to be a virus or spyware.
Phishing attacks feed on victims’ fear and their trust in authorities. For example, many phishing e-mails base their text and design on those from banks and renowned service providers. They then link to websites similar to those of respected authorities. If you enter your bank details there, they will be forwarded directly to cybercriminals. Another possibility is identity theft, where the perpetrators do business or commit crimes under your name.