Imagine you’re out walking one day and a stranger hands you a piece of paper. It lists her legal name, work history, and academic transcript. And that’s not all.
There’s a list of her family members, her workmates, and her favorite stores. Her email address and phone number. Her jogging routes, and her fastest laps. Her food allergies. Her date of birth.
Sound strange? It should. But alarmingly, when it comes to our digital footprints, a lot of us are just like that stranger, handing out our personal information to anyone who cares to look. And unless we take charge of this data, we put ourselves at serious risk of fraud.
In this article, we’ll explain what your digital footprint is, and how fraudsters can use it to target you and your organization. Then, we’ll show you how to take control of your data, minimize your footprint, and stay safe if you think someone is trying to scam you.
What is your digital footprint, and why does it matter?
Your digital footprint is the body of data you leave behind whenever you do anything online. Think of it as a trail of breadcrumbs showing all the sites you’ve visited, and all the interactions you’ve had. Ever.
This footprint consists of:
- Your active digital footprint: The data you intentionally share with others, for example, your LinkedIn or Facebook profile, your Google reviews, or other public information.
- Your passive digital footprint: The data others collect about you, often without your knowledge or consent, for example, websites tracking your IP address.
Your footprint offers a detailed picture of who you are and what you care about. Naturally, it’s a goldmine for scammers trying to commit identity theft, spear phishing, and other types of fraud.
Here’s an example of how fraudsters can leverage your footprint in practice.
Digital footprint fraud in action: The help desk impersonation
Let’s say a scammer wants to target you with some good old-fashioned phone fraud. To get started, they need some information, like one of your monthly utility bills. Once upon a time, they would have had to dig through your trash. Now, they can just find you on social media.
Bingo: they discover your angry posts to internet provider SpeedyWebz about some late fees on your last bill. Then, they find your mobile number on your company staff page, and use a White SIM card to spoof the SpeedyWebz help desk. Soon, you get a call.
“Hi, it’s Celine from SpeedyWebz. We can offer a 95% discount on your overdue late fees if you settle your account over the phone right now. I just need your credit card details to get started.”
Scary, right? Who wouldn’t jump at the offer?
This example shows just how easy it is for strangers to use our digital footprints against us – including through one of the most destructive scams of all: Spear phishing.
Our digital footprints are creating a golden age of spear phishing
Spear phishing is a sophisticated type of scam aimed at getting victims to transfer money, download malware, or divulge sensitive information. It’s a major cybersecurity threat, with an estimated 50% of organizations being targeted in 2023. It costs companies millions in disruption, reputation damage, and stolen funds. In some cases, it can even cost executives their jobs.
Unlike standard phishing attacks targeting a broad range of victims in the hopes that a few people will fall for it, spear phishing attacks are highly researched and customized to target specific individuals. This makes them much harder to detect – and a lot more likely to succeed.
Unfortunately, our extensive digital footprints are creating a golden age of spear phishing. We’re giving scammers everything they need to craft more effective fraud campaigns – and all for free.
Let’s look at a real-world example.
How Mattel almost lost $3 million to a targeted spear phishing campaign
In 2015, scammers targeted Mattel with a spear phishing campaign impersonating their new CEO, Christopher Sinclair, in a request to the company’s finance team to transfer $3 million USD to a fake vendor based in China. In this case, the scammers really did their homework.
They knew from Sinclair’s public statements that he was focused on expansion in the Chinese market, so the request wouldn’t raise any red flags. They also studied employee LinkedIn profiles to find people to mention in the email to boost legitimacy. Finally, they found examples of Mattel’s internal email format, creating a fake message that looked exactly like the real thing.
The end result? The finance team transferred the $3 million, replying to the fake Christopher Sinclair to confirm payment. Later, one of the executives happened to mention it in passing to the real Sinclair, who raised the alarm. Fortunately, the attack coincided with a banking holiday in China, meaning the authorities could freeze the scammer’s account and recover the funds.
This example highlights the serious risks to organizations when employees share personal and professional information online. And with the rise of deepfake technology, spear phishing attacks are becoming even harder to detect. That’s why it’s more important than ever to take charge.
3 key steps to take charge of your digital footprint
So, how can you minimize your digital footprint and stop these types of scams before they start? Here are three key steps to help you get started.
Step 1: Search
Start by Googling yourself and seeing what shows up. This will give you a broad overview of the information you’re sharing at present, and what you can remove, delete, or restrict.
Pay close attention to your social media profiles, and check whether these are publicly accessible. You might see some unexpected pages, for example, staffing lists from old jobs. Put yourself in the mind of a clever scammer: How would you put this information to use?
You should also check whether any of your usernames and passwords have ever been included in any data breaches, for example, through searching Have I Been Pwned.
Step 2: Minimize
Next, minimize your digital footprint by deleting as many of the results from step one as you can. Remember: If you wouldn’t feel comfortable sharing it with a stranger in the street, delete it.
Remove any old social media accounts, and switch any essential profiles to the strictest privacy settings (ideally invite-only, with your full name and photograph hidden). Turn on multi-factor authentication, as this will lower the risk of identity theft if someone does access your login information. Finally, review your contacts and remove anyone you don’t actually know in real life.
Then, you’ll need to go one by one through the remaining items in your footprint and either delete these yourself, or ask the host sites to do so. These platforms and services have a duty to maintain your data privacy, so don’t be shy.
Step 3: Manage
Every time you share anything online, you add to your digital footprint. That’s why taking charge of your footprint isn’t just a ‘one-and-done’ exercise, but an ongoing job.
Set yourself a regular reminder to Google yourself every few months and see if any new items pop up that require your attention. Alternatively, you could create a Google alert for your name.
Be careful with any new social media requests that come your way, particularly from people you don’t know. If in doubt, deny the request – it’s better to risk coming off as rude than to put your personal information in the hands of scammers.
When it comes to your passive digital footprint, you can use a VPN to mask your IP address and make it harder for sites to track your activity. Finally, a digital footprint management tool such as Mine, Incogni, or DeleteMe can help you stay secure by actively alerting you to data risks.
What to do if you think you’re being scammed right now
With these three steps, you can start to take control of your digital footprint. But remember: Fraudsters never stop, and they might still find a way to target you or your team.
So, before we wrap up, here are a few tips on what to do if you think you’re being scammed:
- Take a deep breath. Most fraud attempts involve a time-sensitive element, such as a bogus overdue invoice or a fake compromised credit card. Whenever you’re dealing with an urgent or stressful situation, take a breath and ask yourself if it might be a scam.
- Look closely at the details. Fraud attempts such as spear phishing often have tiny details out of place, for example, an email address that isn’t quite right, or a payment portal with a weird URL. Look closely to make sure everything is legitimate.
- Use a side-channel. If a situation feels wrong, get in touch with the other party to confirm it’s really them. If your CEO or manager is requesting an urgent payment, contact them separately. The same goes for your bank – if in doubt, hang up and call the help desk directly.
- Alert your security team. Scams aren’t just your business – they’re a major threat to your wider organization. If you think you’re at risk, report it to your security team as soon as you can – and make sure they follow up on any potential threats.
- Call the authorities. Always tell the police if you think you’re being scammed. They have the resources available to assist you.
Stay safe by taking control of your digital footprint
Since the 1990s, we’ve gradually shifted more of our lives online. And while it might be more convenient to do our shopping, socializing, and professional networking online, all of this activity adds to our digital footprints, giving scammers more of a head start than ever before.
We need to take charge by thinking critically about the information we share and how it could be used against us. You can do your part by being aware of the risks involved with online sharing, minimizing your digital footprint, and knowing what to do if you’re being scammed.
One of the best ways to stay prepared? Invest in cybersecurity awareness training for your whole team. To find out how Albert can deliver fun and unforgettable training on digital footprints, spear phishing, and more, get in touch with one of our experts today.
Frequently Asked Questions:
- What is a digital footprint? Your digital footprint is the body of data you leave behind whenever you do anything online. This includes an active digital footprint consisting of data you share deliberately (e.g. your social media profiles), and a passive digital footprint consisting of data others collect about you (e.g. websites tracking your IP address).
- Why is my digital footprint so important? Your footprint offers a detailed profile of your personal and professional life (e.g. your relationship status), your online habits (e.g. where you shop), and even your physical location. Scammers can use this information against you.
- How can scammers use my digital footprint? Your digital footprint helps scammers personalize fraud attempts. For example, if your social media activity showed you were on holiday in the Bahamas, a scammer could impersonate you in an email to your colleagues and ask them to pay a bogus invoice you’d forgotten to process.
- What can I do to better manage my digital footprint? Start by Googling yourself, then minimize your footprint by deleting unnecessary information and switching social media profiles to invite-only. Don’t connect with people you don’t know in real life. A VPN or dedicated digital footprint management tool can also help keep your data private.
- What about my business? Businesses have their own digital footprint, including location and contact details (e.g. a headquarters address or help desk number), as well as customer reviews and rankings (e.g. ratings on sites such as Yelp or Trustpilot). It’s important to actively manage these digital footprints too.