Personal Data Protection

-
If you have been reading my Personal Technology Security Series posts, you now know that online fraud and cybercrime are mostly done with minimal or even no hacking involved.  A lot of victims' accounts were compromised through social engineering -- the victims were somehow tricked into disclosing enough information so that allowed fraudsters to perform transactions in their name.  I know of a lot of cases where the victims themselves disclosed their passwords through phishing/SMISHING/VISHING and their savings go missing in front of their eyes.  Credit/debit card holders unwittingly disclosing their card numbers and watch as their debts rack up.

Credit Card, Bill, Bank, Statement, Money, Plastic

But social engineering is not the only way cybercriminals and fraudsters gather information that they can use to do their nefarious jobs.  One way they get useful information is through carelessy trashed account statements from banks and credit card companies.  This document contains everything that a cybercriminal needs to start compromising accounts -- the first step to stealing actual money.  Account statements typically contain the cardholder's complete name, address, account number and account balance.  Using other publicly available information, usually from social media sites, and the fraudster/cybercriminal will have enough information to access funds!

That is just one example of how people are scammed just by being a bit careless in disposing of their account statements.  There are other ways to get into people's personal information.  A carelessly unlocked cellphone contains a plethora of information that can compromise not only its owners but also the contacts saved on the phone.  A computer or cellphone brought to a repair shop has gigabytes of information about its owner in its storage.

So how to we protect our personal data in order to prevent fraud?  First thing to know is to determine what information is important to us.  When filling up forms on a bank or an application for a loan/credit card, observe the information the institution is asking for. At least 9o% of the information in the form, if taken together, constitutes "personally identifiable information" (PII).  This set of information IS a person and with this, accounts can be opened, and loans can be applied for, etc. As important as it is, it needs to be protected.  Here are some tips in protecting your own personal information:

  • Be mindful when disposing old documents.  Check old documents to make sure that it does not contain any personally identifiable information.  However, whether it contains a complete PII or not, it is always prudent to shred documents before disposal to be on the safe side.
  • NEVER drop your calling cards in exchange for being included in a raffle promo on coffee shops/restaurants/stores.
  • When bringing iin your gadgets for repair, make sure that you do a full backup of your data and do a factory reset first.  For laptops, do the same thing: backup your data and format it first.
  • When disposing of or selling gadgets, do the sa factory reset/disk format to protect your information from prying eyes.
  • Banks rarely call customers to "verify" customer information.  The only time they verify information through the phone is when you, the customer, is the one that initiates the call.

 There are other ways to expose and also protect your personal information.  But the best way to go about this is to always use your commone sense when dealing with and disposing of your own personal information.


Comments

Post a Comment

Popular posts from this blog

GCash Security Scare: Rethinking the Safety of Digital Wallets

-
Image
A few days ago, many people woke up to find unauthorized transactions in their GCash mobile wallets. These transactions, which occurred at a rate of Php 2,000 per transaction, even affected a local actress, drawing widespread attention. While the technical cause of these unauthorized transactions remains a mystery, I believe it’s crucial to address the underlying issue: GCash, and other mobile wallet applications in general, are essentially digital versions of physical wallets. Storing money in wallets, whether virtual or physical, inherently carries risks, with theft being the most significant concern. Physical wallets have been the target of various theft methods, and this raises the question: why do individuals, regardless of whether they use digital or physical wallets, keep a substantial amount of money in their wallets? Wouldn’t it be safer to deposit these funds in a bank or keep them securely at home? While this doesn’t absolve GCash of responsibility, it’s important to recogni...
Read more

When Malware is Digitally Signed by an Anti-Malware Company

-
Image
  In October 2024, a sneaky malware campaign started spreading. The threat actors used a message that looked like it came from the Israeli partner of ESET, a well-known anti-malware company. They targeted Israeli businesses and educational institutions. But here’s the catch: the message didn’t show any signs of having malicious content. Analysts who initially checked out the email thought there was nothing fishy about it. The email warns recipients that their company is being targeted by “state-sponsored threat actors.” It suggests downloading and installing the “ESET Unleashed” app to protect against this threat. The email’s link seems legitimate, pointing to a valid ESET server. The file on the download link contains an executable file (Setup.exe) and four DLL files. Upon closer inspection, it turns out that the DLL files are part of ESET’s anti-virus software, but the EXE file is actually a malicious data wiper but it was digitally signed by ESET. This malware has an interesting...
Read more

Tech Party List, A Satirical List

-
Image
  **WARNING:** This post is not intended for individuals who are easily offended. Should you find satirical content objectionable, please leave this page immediately. YOU HAVE BEEN WARNED. With the Philippine elections coming very soon, One of the most colorful part this national exercise is the proliferation of Party Lists that have a great name recall. In the Philippines, the party-list system is a mechanism of proportional representation in the election of representatives to the House of Representatives. This system allows national, regional, and sectoral parties or organizations to gain seats in the House based on the proportion of votes they receive. The goal of the party-list system is to ensure that marginalized and underrepresented sectors of society have a voice in the legislative process. Each party-list group represents specific sectors such as labor, farmers, women, youth, indigenous peoples, and other marginalized groups. Voters can choose a party-list group during el...
Read more