There is a curious and involuntary complicity between those who fear that social platforms make excessive use of their data and those who provide them with information in quantity. The Post focused on the dangers inherent in publishing photos of boarding passes without obscuring sensitive data, above all the QR Code which is full of data and on which we will return later.
There are information that should never be posted online, under penalty of paying a heavy price. And this is not only true around the holidays.
The chronicles are full of episodes told by people who, publishing the photos taken in real time during their travels, they gave way to thieves who took advantage of their absences. But these episodes are only part of the problem.
The “Hi Dad, I broke my phone” alarm: the scam travels between SMS and WhatsApp by Emanuele Capone 07 August 2023
The question of the QR Code
QR Codes and barcodes contain a lot of information. In the case of boarding passes, may include email addresses and telephone numbers which, together with the traveller’s name, may be useful for an attacker to change the booking and cancel the return flight. The frequent flyer number, the code that is issued by airlines to tireless travelers and which generally entitles you to free miles, can be used by third parties to sell those same free miles on parallel and underground markets. Not at least, using phishing techniques, the ticket holder can be contacted by self-styled airline employees and be the victim of scams that tend to extort money.
The most correct behavior is therefore to do not publish photos that refer to travel and travel. Covering sensitive data is not enough, because the fact remains that you are communicating to a vast (and uncontrollable) audience of people that, for a certain period, you will be away from home. “Publishing a ticket online could not only reveal the information reported on it, but also information that can be obtained by interacting with third parties thanks to the data present on the ticket”, is the explanation of Pierluigi Pagani, cyber security expert e intelligence.
The same is especially true for newly renewed passports and electronic payment instruments. Data lends itself to both classic scams and identity theft. On closer inspection, there isn’t a single valid reason to publish similar photos which, moreover, really only interest those with less than noble intentions.
The journey and the destination
Sharing information about the trip you are about to do on social media is unwise. The fewer people know about it the better, and that goes for all family members, even the youngest. Keeping a low profile and overcoming the understandable enthusiasm that drives one to shout from the rooftops about the destination chosen for the holidays and their duration is something that goes beyond mere attitude, it is a defense tool.
Dream locations
Another precaution to take is that of publishing the photos of the trips only after returning home. Anyone who sees the shots of the holidaymakers online can infer various information, some real and some presumed: first of all, they understand that the authors of the photos are not at home and, especially if the holiday destination was exotic and particularly luxurious, the bad guys can read a welfare statean opulence that can become an attraction, an opportunity for any apartment thief.
It should also be considered that, and this is a side observation, the continuous posting of photos online distract from the vacation and moves away from that condition of relaxation that is sought during the holidays: “Disconnect from online life” should become a mantra.
Distance yourself from need to publish holiday photos in real time is an attitude to be extended to the whole family, even the youngest. To help parents there are various solutions for parental control, filters that authorize or deny the use of applications and features of mobile devices but, even in this area, it is advisable to move with lead feet.
Prophylaxis and hygiene
Precautions to be taken in the matter of social sharing when on vacation they are the same ones that should always be taken and vice versa. Leaving too much information about yourself online is inconvenient both from the point of view of privacy and from the point of view of IT and personal security.
Again Paganini: “Every information we publish is comparable to a piece of a puzzle. Taken individually it might appear insignificant, however an attacker could collect all these pieces to put them back together and have a complete picture of us and our habits. Once this image is obtained, it will be child’s play for an attacker to attempt to lead different types of attack for the most disparate purposes, from identity theft to financial fraud”.
Since most of the tools found online, social media included, correspond to a digital transposition of what we do offline, it is precisely from offline life that we should take inspiration to maintain a certain hygiene in sharing information. In this case, the parallelism of the unknown in an elevator to which one would not give much confidence and to which, certainly, it would not reveal personal information. When you post content online, it can be read by a multitude of strangers in an elevator.
“The first rule – Paganini explained to us again – is that of reduce our attack surface and this is possible by sharing our information only when necessary. We therefore limit the amount of personal information we share online, for example on social media. We learn to set up our profiles correctly, carefully choosing which and how much information to share and for what purposes. We do not give information about our travels to avoid exposing ourselves to cyber attacks as well as to the activities of stalking”.
Also, it is good practice to limit access to our information to only people we really trust. Never share personal and financial data via email, let alone over the phone if we received an unsolicited call.
The pieces of the puzzle
All information, as Paganini explains, is a piece of a puzzle, e the video above returns a plastic dimension of meaning of this statement.
In addition to all this, the etiquette rules offline: avoid showing off expensive purchases, communicating in real time where you are, providing detailed information on your workplace and last but not least (although it is almost obvious to say it) never publishing telephone numbers, email addresses and all those information we would not give to strangers.
The Amazon High Tech Trading alarm, what is behind the telephone scam and how to defend yourself by Andrea Nepori 03 August 2023
Protect the house
We then suggest some simple measures to limit the risk of unwanted visits when the house is vacant and unattended. Alarms, video cameras and neighbors you can ask to look out for are good deterrents, but just as digital is a vector of risk, it is also a carrier of useful tools. Who owns IoT devices for the home, for example, such as a smart TV or other remotely controllable devices, it can set up routines so that, especially during the night, the presence of someone at home is emulated. Turn on a light, radio or TV at sustainable volumes, just enough to give the bad guys the certainty that the house is not uninhabited.