The head of email security at Google says research tracing crypto thefts back to comments made on online message boards means you should never talk up your crypto online, CNBC reports.
This is because you never know who is watching or how the info you provide could factor into a hack. Very small pieces of seemingly irrelevant info are allowing hackers to intricately profile you, says Mark Risher. And you don’t have to be a bigwig to be a target:
“It could just be a case of mistaken identity or guilt by association. They could be using someone who seems to be low value to pivot toward somebody considered a higher value target, like somebody political in nature. Or maybe they saw that you were discussing Bitcoin on a public message board.”
Once a possible target has been identified, said Risher, hackers typically attempt to quickly break into the poster’s email accounts using sophisticated “phishing” emails that appear to be from someone familiar:
“You might think of this generic ‘Dear Sir or Madam, I am contacting you to ask you for a favor,’ but the truth is many of these attackers have done some serious research on their victims. So you might get what we call ‘social truth’ in your message.”
A presenter in Las Vegas recently told the audience at a crypto conference about a successful phishing attack on an employee at a cryptocurrency exchange.
Hackers profiled the employee and found that he or she was a super fan of dog shows, then solicited the person to click a link related to a fictitious dog show.
The hyperlink then installed malware on the employee’s system, and that employee’s computer became the hackers’ window of access to the entire exchange operation.
Discretion is a good defence in a world where people have lost track of the volumes of personal info and traces they have left online over years. “Our data is all over the place,” says Risher.