New Times,
New Thinking.

Advertorial feature by Cyber
  1. Spotlight on Policy
  2. Tech and Regulation
  3. Cybersecurity
9 March 2016updated 09 Sep 2021 1:31pm

Who’s hiding behind your app?

David Emm, principal security researcher at Kaspersky Lab, considers the new risks

By David Emm

Mobile phones have become a ubiquitous technology and an extension of our everyday lives. With the rise of technology came the emergence of various social media platforms and applications designed to make our lives easier and more convenient: for example, online dating apps aiming to help us find companions. However, with our connected culture come great risks, such as identity fraud, harassment and theft. Beyond a handful of pictures, emojis and lighthearted messages, you have very little knowledge of a person’s true intentions or motives when they are positioned behind a social media account or dating profile.

Recently, there have been calls to increase awareness of these dangers, as it has been reported that crimes relating to dating apps have increased by 560 per cent in the past two years. In 2015, there were a huge 412 crimes relating to just Grindr and Tinder.

There are clearly dangers associated with consumers sharing too much information on social media using modern dating apps. However, there are also risks businesses need to consider when they have a mobile workforce accessing such applications and using the same devices for work.

Identity fraud

When you’ve booked a holiday and received your ticket, it is not uncommon to want to post pictures of your boarding pass on the likes of Facebook and Twitter.  However, this is one of the fundamental mistakes we make.

Not only are you providing all of your travel details with potential criminals, they also aggregate personal information about you from several places on the internet, which could lead to the fraudsters finding out where you live. And if that is the case, you’ve just told them that the house will be empty for two weeks.

Additionally, when you post pictures on social media, there is the inherent risk of having your “face” stolen.

Everyone loves to take a “selfie”, but posting pictures to Facebook for the world to see opens up a whole new world of problems, considering that the content is accessible by cyber criminals. It is already possible to put on the face of another person during a video call. In fact, there was an app in 2011 which could easily overlay a face from a photo on to a moving face in a video, dynamically.

With technology available that is already five years old having the ability to “steal your face”, precautionary measures should be implemented now in order to combat identity theft.

Unfortunately, the dangers of oversharing information aren’t always glaringly obvious, and we’re even more likely to be caught off guard when using a smartphone or tablet to go online. These devices haven’t often been a target for cyber criminals in the past, so we unknowingly feel secure using them. It’s important to avoid a false sense of security when posting information online. There’s a good rule to live by to help avoid oversharing information online – if you wouldn’t publish something on the front page of a newspaper, don’t post it online.

So, how can we do a better job of protecting ourselves online? When using social media, it’s important to note that each individual social media platform is a treasure trove for scammers who are able to gather users’ personal data. This data is then often used to engage in fraudulent activities. To counteract this, it is always a good idea to check your security settings on the likes of your Facebook, Twitter or even Instagram account.

Social business

There are two aspects one needs to consider when using social media platforms. The first is privacy. It is imperative to understand how you can restrict what someone else can find out about you online. You also need to be aware of what happens to the information you share through a social network – either with others, or with the provider of the service.

Consider who owns the data you publish and how the provider will use it in the future. In the case of a business account, it makes sense to give it a generic name, rather than linking it directly to a person. This immediately distances the account from a specific employee – and makes it less personal if someone directs abuse at the account.

The second aspect that comes into play is security. Use only secure web pages to log into online accounts. Check that the URL starts with “https” and click to check the security certificate.

You should also be careful when accessing an account. Public, untrusted wifi is fine for general surfing, but unsuitable for confidential transactions or sharing private company data. This is due to the danger of accessing rogue hot spots, or of unencrypted data being intercepted. Finally, access sites from secured devices only – devices that are protected using internet security software and patched with the latest security updates.

Dangers of dating apps

Online or offline, meeting strangers will always have inherent risks. The risks become even more prevalent when using online dating apps. As such, it pays to take the same precautions when arranging a real-world meeting with an online date as you would in “real life” – for instance, you wouldn’t arrange to meet a real-life first date down a dark alley having told no one where you were going.

Various measures can be taken in order to minimise these risks, and while taking such precautions might not make you totally safe, they limit your exposure to risk.

The first and most obvious measure is not to trust people online automatically. There’s no way to identify someone’s true appearance or motives through the messages they are exchanging with you. Take the Ashley Madison hack. Of the 37 million registered users, approximately 12,000 of the active accounts turned out to be real women. Most of the others were either men or just bots.

Second, and this relates back to the usage of social media, linking your Facebook or Instagram profile with an online dating app can prove to be problematic, especially in the hands of burglars or fraudsters. If you happen to “match” with someone with ill intent, they are able to gain access to your social media pages, which are likely to include addresses, pictures and more personal information.

There isn’t a digital platform in existence that is 100 per cent secure, especially with the likes of dating apps, dating websites and social media being utilised every day by a significant portion of the global population. However, another platform that is equally insecure but often overlooked in terms of security is the messenger app. Research by the Electronic Frontier Foundation (EFF) showed that most popular messengers do not boast high security levels. The highest score that a secure messenger app could get was seven points. Unfortunately, Skype, AIM and BlackBerry Messenger notched up merely one point each, whereas Viber, Google Hangouts, Facebook Messenger and Snapchat scored as high as just two points. Even WhatsApp, which recently announced that more than a billion people use its messaging app, scored no better than two points.

In the case of the Ashley Madison hack, it is clear that hackers are targeting not only individuals, but businesses, too. The company reportedly asks its customers to pay a fee of $19 to erase their profiles if requested. However, their profiles aren’t completely wiped as promised.

Since then, the hackers have actually said that because a lot of the members use credit cards as a method of payment, their site records show real names and addresses – which, of course, is the most important information that the site’s customers want removed.

Another consideration is that the lines between using mobile devices for leisure and business have also become blurred. Although it’s clear that both the general population and businesses around the world are becomingly increasingly aware of BYOD, it is often difficult to translate that into action. With this, the number of consumers accessing certain applications on their smartphones grows for businesses, too. Companies need to ensure that their employees are aware of the threats they may be posing to the organisation.

So, how can we ensure that both businesses and consumers in general are doing the best they can to protect themselves online? It is vital that businesses consider the human dimension of security and ensure they make security awareness an essential part of their IT strategy. Businesses also need to adopt an indepth defensive approach, rather than relying on perimeter defences.

In today’s mobile business environment, they need to apply a “security wrapper” around every employee – so that they are protected wherever they work and whatever devices they use. 

Topics in this article : ,