Gathering OUR BREADCRUMBS (Pt. 2 of “Why Don’t You Go Dox Yourself?”)
<span data-contrast="none"> Sharing will be caring… but on the net, posting could be tricky also! Whenever we post something, we must </span> <b> <span data-contrast="none"> go through the forest and not simply the trees </span> </b> <span data-contrast="none"> . Doxxers usually focus on one or two bits of innocent or general public information relatively, but by linking the dots between those pieces they are able to build a frighteningly complete picture of a person. </span>
<span data-contrast="none"> Apparently innocuous details could be pieced together right into a much more personal user profile when gathered and leveraged for more information. As you example, your wish checklist/wedding registry allows you for family and friends to get you presents that you truly want, but may be used to learn products/services you’re thinking about as </span> <a href="https://www.csoonline.com/article/3546299/what-is-pretexting-definition-examples-and-prevention.html" target="_blank" rel="noopener"> <span data-contrast="none"> pretext </span> </a> <span data-contrast="none"> (setting the picture) of a discussion or phishing email attempting to gather more. You might have Google Alerts create for the name (a good idea!), but this might not flag textual content in scanned paperwork such as for example school yearbooks, newspapers along with other digitized paper records accessible on-line. </span> <span data-ccp-props=""201341983":0,"335559739":160,"335559740":259"> </span>
<img class="aligncenter wp-image-418454 size-medium_large" src="https://infracom.com.sg/wp-content/uploads/2022/10/Screen-Shot-2022-10-12-at-12.25.32-PM-768x411-1.png" alt width="640" height="343" />
<img loading="lazy" class="aligncenter wp-image-418455 size-medium_large" src="https://infracom.com.sg/wp-content/uploads/2022/10/Screen-Shot-2022-10-12-at-12.26.29-PM-768x413-1.png" alt width="640" height="344" />
<span data-contrast="none"> If the aforementioned sounds scary - don’t panic! Pick in this <a href="https://blogs.cisco.com/security/why-dont-you-go-dox-yourself" target="_blank" rel="noopener"> auto-dox </a> is likely to be brainstorming just as much </span> <b> <span data-contrast="none"> personally identifying information (PII) </span> </b> <span data-contrast="none"> shared online as you possibly can. I suggest achieving this either in a secure note or longhand. The target is to write down every one of the accounts/addresses/phone numbers which come to mind, as these are a number of the top items that attackers shall make an effort to gather within their search. Start your list here: </span> <span data-ccp-props=""201341983":0,"335559739":160,"335559740":259"> </span>
<ul>
<li data-leveltext="·" data-font="Symbol" data-listid="2" data-list-defn-props=""335552541":1,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"·","469777815":"hybridMultilevel"" data-aria-posinset="1" data-aria-level="1"> <b> <span data-contrast="none"> Your name: </span> </b> <span data-contrast="none"> This is your real name, in addition to any names you pass in public such as a writing pseudonym, nickname, or stage name. </span> <span data-ccp-props=""201341983":0,"335559739":160,"335559740":259"> </span> </li>
<li data-leveltext="·" data-font="Symbol" data-listid="2" data-list-defn-props=""335552541":1,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"·","469777815":"hybridMultilevel"" data-aria-posinset="1" data-aria-level="1"> <b> <span data-contrast="none"> Your contact number(s): </span> </b> <span data-contrast="none"> Many social media marketing networks let you research friends during your contact book or by their contact number, and several other legitimate websites use simple verification of one's phone number as a genuine solution to prove your identity. An attacker may take advantage of both these plain things. Don’t forget work numbers or old telephone numbers! </span> <span data-ccp-props=""201341983":0,"335559739":160,"335559740":259"> </span> </li>
<li data-leveltext="·" data-font="Symbol" data-listid="2" data-list-defn-props=""335552541":1,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"·","469777815":"hybridMultilevel"" data-aria-posinset="2" data-aria-level="1"> <b> <span data-contrast="none"> Your email(es): </span> </b> <span data-contrast="none"> This is actually the other main solution to research contacts on social media marketing, and for many people it’s also the strongest common link between accounts. If you are using a work or school email, there’s also an excellent chance in addition, it contains part or all your real name (like “ </span> <a href="mailto:first.lastname@school.edu" target="_blank" rel="noopener"> <span data-contrast="none"> first.lastname@school.edu </span> </a> <span data-contrast="none"> ”). </span> <span data-ccp-props=""201341983":0,"335559739":160,"335559740":259"> </span> </li>
<li data-leveltext="·" data-font="Symbol" data-listid="2" data-list-defn-props=""335552541":1,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"·","469777815":"hybridMultilevel"" data-aria-posinset="3" data-aria-level="1"> <b> <span data-contrast="none"> Your social media marketing: </span> </b> <span data-contrast="none"> We share quite a bit on social media, and also if you’re careful about not sharing your real location or name, other information like where you head to school/work, what groups you’re a known person in, who friends and family are, and what you’re thinking about can all help paint an image of who you're. </span> <span data-ccp-props=""201341983":0,"335559739":160,"335559740":259"> </span> </li>
<li data-leveltext="·" data-font="Symbol" data-listid="2" data-list-defn-props=""335552541":1,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"·","469777815":"hybridMultilevel"" data-aria-posinset="4" data-aria-level="1"> <b> <span data-contrast="none"> Where you are: </span> </b> <span data-contrast="none"> Previous and current home addresses can be used to verify identity despite the fact that many are available online, so we’re likely to use some free “data scraping” tools inside our research to see what information is obtainable. These sites collect public information like birth, death, and marriage records and make sure they are searchable. There’s an excellent chance that there’s several person together with your name unless it’s very unique, so these sites enables you to add more information just like a city usually, zIP or state code to narrow down results. </span> <span data-ccp-props=""201341983":0,"335559739":160,"335559740":259"> </span> </li>
<li data-leveltext="·" data-font="Symbol" data-listid="2" data-list-defn-props=""335552541":1,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"·","469777815":"hybridMultilevel"" data-aria-posinset="5" data-aria-level="1"> <b> <span data-contrast="none"> Your selfies and avatars: </span> </b> <span data-contrast="none"> Sometimes getting usage of private photos (especially sexytime pics) may be the objective of doxxing, nonetheless it can be a great way to link different accounts also. For example: Are you experiencing your Facebook photos associated with your Tinder profile? Someone might use a </span> <a href="https://images.google.com/" target="_blank" rel="noopener"> <span data-contrast="none"> reverse image search </span> </a> <span data-contrast="none"> or site like TinEye.com to see where else you’ve shared exactly the same pic. Newer sites like </span> <a href="http://pimeyes.com/" target="_blank" rel="noopener"> <span data-contrast="none"> pimeyes.com </span> </a> <span data-contrast="none"> even provide “fuzzy” search tools, where one photo of a person’s face may be used as a seek out other, DIFFERENT photos of this person. </span> <span data-ccp-props=""201341983":0,"335559739":160,"335559740":259"> </span> </li>
</ul>
<h2> <span> <strong> DEEPER DIVE: EMAIL ADDRESSES AND USER ACCOUNTS </strong> </span> </h2>
<span data-contrast="none"> Email addresses are a particularly juicy target for someone attempting to locate you, because a lot of people only use one personal and </span> <i> <span data-contrast="none"> maaaybe </span> </i> <span data-contrast="none"> another school or work email account. Those accounts are linked with all our other online identities and frequently double as our username for logging in. </span> <span data-ccp-props=""201341983":0,"335559739":160,"335559740":259"> </span>
<ul>
<li data-leveltext="·" data-font="Symbol" data-listid="2" data-list-defn-props=""335552541":1,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"·","469777815":"hybridMultilevel"" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="none"> If you already work with a </span> <a href="https://www.csoonline.com/article/3198507/the-best-password-managers.html" target="_blank" rel="noopener"> <span data-contrast="none"> password manager </span> </a> <span data-contrast="none"> , you’re of the overall game ahead! Review the existing accounts and credentials that you’ve already added. With regards to the tool you use, this might also notify you of breached or reused passwords which have appeared in previous hacks. And, if you’re not utilizing a password manager, now will be an excellent time and energy to check a number of the available choices and set one up! In this manner you can include your collected credentials and update reused or weak passwords as you go. </span> <span data-ccp-props=""201341983":0,"335559739":160,"335559740":259"> </span> </li>
<li data-leveltext="·" data-font="Symbol" data-listid="2" data-list-defn-props=""335552541":1,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"·","469777815":"hybridMultilevel"" data-aria-posinset="2" data-aria-level="1"> <span data-contrast="none"> Talking about breached passwords, </span> <a href="https://haveibeenpwned.com/" target="_blank" rel="noopener"> <span data-contrast="none"> HaveIBeenPwned </span> </a> <span data-contrast="none"> enables you to search a contact or contact number to see if it seems within their breached data database. And don’t be surprised if one (or several) of one's accounts arrive here - with an increase of than 11 BILLION accounts currently collected, the chances tend you’ll find something. Note it for the present time and update the password and enable strong authentication (more with this later). </span> <span data-ccp-props=""201341983":0,"335559739":160,"335559740":259"> </span> </li>
<li data-leveltext="·" data-font="Symbol" data-listid="2" data-list-defn-props=""335552541":1,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"·","469777815":"hybridMultilevel"" data-aria-posinset="2" data-aria-level="1"> <span data-contrast="none"> It is possible to enter a username or email on </span> <a href="http://namechk.com/" target="_blank" rel="noopener"> <span data-contrast="none"> NameChk.com </span> </a> <span data-contrast="none"> , and it'll quickly search a lot of different services and demonstrate where that username has been registered. </span> <span data-ccp-props=""201341983":0,"335559739":160,"335559740":259"> </span> </li>
<li data-leveltext="·" data-font="Symbol" data-listid="2" data-list-defn-props=""335552541":1,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"·","469777815":"hybridMultilevel"" data-aria-posinset="2" data-aria-level="1"> <span data-contrast="none"> Searching your email inbox for common new account subject lines to get them manually. Try searching combinations of keywords: “confirm”, “activate”, “verify”, “subscription”, “account”, etc. (And when you’ve never tested Google’s </span> <a href="https://support.google.com/websearch/answer/2466433" target="_blank" rel="noopener"> <span data-contrast="none"> search operators </span> </a> <span data-contrast="none"> , you may get more specific in what to add or exclude even. </span> <span data-ccp-props=""201341983":0,"335559739":160,"335559740":259"> </span> </li>
<li data-leveltext="·" data-font="Symbol" data-listid="2" data-list-defn-props=""335552541":1,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"·","469777815":"hybridMultilevel"" data-aria-posinset="2" data-aria-level="1"> <span data-contrast="none"> Check what information is publicly visible on these collected sites. Execute a wishlist is had by you on Amazon? An “anonymous” Reddit account with exactly the same username as your Pinterest? An abandoned Tumblr or MySpace with outdated privacy settings? See when you can disable or restrict public viewing - some sites like Facebook ensure it is an easy task to </span> <a href="https://www.facebook.com/help/236898969688346?helpref=uf_permalink" target="_blank" rel="noopener"> <span data-contrast="none"> change privacy on old posts </span> </a> <span data-contrast="none"> . </span> <span data-ccp-props=""201341983":0,"335559739":160,"335559740":259"> </span> </li>
<li data-leveltext="·" data-font="Symbol" data-listid="2" data-list-defn-props=""335552541":1,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"·","469777815":"hybridMultilevel"" data-aria-posinset="2" data-aria-level="1"> <span data-contrast="none"> Facebook, LinkedIn along with other social networks frequently have a “View As” option that enables you to see your profile as a stranger, a detailed friend of a pal, or perhaps a direct friend. Look at each one of these views and consider if you'd like that given information public and searchable. These settings could be sneaky sometimes! On one review when i set all my pictures on Facebook to private, I tested visiting my page as a stranger and realized that my “featured” pics have been set to public without my noticing. </span> </li>
</ul>
<span data-contrast="none"> Once you finish this process, you'll likely have dozens as well as hundreds of “breadcrumbs” between your account list and serp's. Go through your list again, and we’re likely to sort it into three categories: </span> <span data-ccp-props=""201341983":0,"335559739":160,"335559740":259"> </span>
<ul>
<li data-leveltext="·" data-font="Symbol" data-listid="2" data-list-defn-props=""335552541":1,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"·","469777815":"hybridMultilevel"" data-aria-posinset="1" data-aria-level="1"> <b> <span data-contrast="none"> Critical: </span> </b> <span data-contrast="none"> That is for accounts with private or potentially damaging information inside them - services like your web patient portal for the physician together with your medical information, or financial accounts that could include your banking information or social security number. As these represent the best risk if compromised, they’re near the top of the list to repair. </span> <span data-ccp-props=""201341983":0,"335559739":160,"335559740":259"> </span> </li>
<li data-leveltext="·" data-font="Symbol" data-listid="2" data-list-defn-props=""335552541":1,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"·","469777815":"hybridMultilevel"" data-aria-posinset="2" data-aria-level="1"> <b> <span data-contrast="none"> Wanted: </span> </b> <span data-contrast="none"> That is for everything else that you would like to help keep but isn’t nearly as sensitive because the first category. News site logins, loyalty club websites and special interest forums might all be accounts you intend to maintain, so they’ll maintain the queue behind our top priorities also. </span> <span data-ccp-props=""201341983":0,"335559739":160,"335559740":259"> </span> </li>
<li data-leveltext="·" data-font="Symbol" data-listid="2" data-list-defn-props=""335552541":1,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"·","469777815":"hybridMultilevel"" data-aria-posinset="3" data-aria-level="1"> <b> <span data-contrast="none"> Unwanted: </span> </b> <span data-contrast="none"> As stated previously, you’ll likely unearth some forgotten or abandoned accounts that you longer require no. If you will never need to again log into that account, take the right time and energy to cancel or delete it. If your data is not any longer stored by way of a service it becomes a lot more problematic for an attacker to get it! You may even discover a surprising quantity of your information can be acquired through people search services and data brokers that you don’t want shared, and we’ll begin working on next. </span> </li>
</ul>
<span data-contrast="none"> Congrats! You’ve already got a far greater idea of what folks can find out about you than most folks ever do, and so are well on the way to cleaning up your web footprint. In our next thing, we’ll start locking down precisely what you intend to keep! </span> <span data-ccp-props=""201341983":0,"335559739":160,"335559740":259"> </span>
<i> <span data-contrast="none"> P.S. If you’re enjoying this technique and value keeping people safe online, please have a look at our </span> </i> <a href="https://duo.sc/security-jobs" target="_blank" rel="noopener"> <i> <span data-contrast="none"> open roles </span> </i> </a> <i> <span data-contrast="none"> at Cisco Secure. </span> </i> <span data-ccp-props=""201341983":0,"335559739":160,"335559740":259"> </span>
<hr />
<em> We’d want to hear everything you think. Ask a relevant question, Comment Below, and Stay Linked to Cisco Secure on social! </em>
<strong> Cisco Secure Social Channels </strong>
<strong> <a href="https://www.instagram.com/CiscoSecure/" target="_blank" rel="noopener noreferrer"> Instagram </a> </strong> <br /> <strong> <a href="https://www.facebook.com/ciscosecure/" target="_blank" rel="noopener noreferrer"> Facebook </a> </strong> <br /> <strong> <a href="https://twitter.com/CiscoSecure" target="_blank" rel="noopener noreferrer"> Twitter </a> </strong> <br /> <strong> <a href="https://www.linkedin.com/showcase/cisco-secure" target="_blank" rel="noopener noreferrer"> LinkedIn </a> </strong>
<pre> <code> <br>
<br>