Digital footprints online – what we leave behind

In today’s world, much of what we do is online. Not only is it an easy and convenient way for us to do every-day tasks such as banking and shopping, it is also a way for us to network on both a professional and personal level. Ofcom found in their research earlier this year that 9 in 10 adults use the Internet, with more than three-quarters of Internet users having a presence on a social media or messaging site and apps.

When we’re using the Internet, however, how many of us actually think about the personal information we give away, and how that information is used by others?

Last year we released our report Wolves of the Internet: Where do fraudsters hunt for data online?, which looked at what personal information is available on the Internet and how it can all be pieced together. The report showed that 65% of identity fraud victims have a visible social media presence or have been victims of a data breach.

This report was a particular eye-opener for me – up until this point I hadn’t realised how much information I had revealed online. While I’ve always been very aware of Facebook’s settings and what I post on there, this research highlighted that I should take the same approach with all social media accounts I have – including LinkedIn.

A simple search of my name using an Internet search engine would bring up my profile – showing my profile picture, full employment and educational history. This was so open that you could access it without signing in, giving away a wealth of information about myself. Instantly I went to change my privacy settings – which is another challenge in itself. There are various options for the account holder to review and change, such as how your profile looks to people who are not logged in, as well as how other LinkedIn users see your account and what LinkedIn does with your data.   

Top tip: Review privacy settings on all social media accounts. It may take time, but it is worth it to keep your personal information safe.

Similarly, it made me question the connection invitations I receive – how many of us check that the individual who is trying to ‘connect’ with us on LinkedIn is in fact, who they say they are? The reason for this is so important. Accounts are cloned in the same way as they are on other social media sites, and those individuals may not work for who they say they do.

A conversation with a friend revealed they had received an invitation to ‘connect’ from an individual claiming to work for the same company. A check on the company’s directory the next day showed that this individual could not be found – they didn’t work for the company at all.

Top tip: Be cautious of accepting an invitation to ‘connect’ from individuals you do not know. LinkedIn has some advice in their help centre around reporting fake profiles, inaccurate profiles and scams.

Aside from the social media sites we actively use on a daily basis, it’s also those accounts we may have forgotten about that can reveal a wealth of information. Using the website Pipl, “the world's largest people search engine”, a search on my email address revealed a number of social media sites that I was a member of, yet had forgotten about – some of which I’d signed up to over ten years ago! When revisiting those profiles I had revealed a lot of information about myself, such as my location, age, photos and interests – enough information to allow a criminal to start building a picture of my lifestyle and my identity.

Top tip: De-activate and delete old profiles. Using search engines like Pipl will help you identify those old social media accounts.

This report as well highlighted the importance of reflecting on your own online behaviours. It looks at on how ‘phishing’ (a fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details) has evolved. We are now more wary of the pop-ups that tell us that our computer is locked until we call a number or go to a certain link, but we are not as wary when it comes to sharing posts on social media for a chance to win prizes.

There are a large number of posts on social media claiming you can win a voucher or a holiday, with seemingly real people commenting that they have won that prize themselves. A large number of these ‘winners’ are actually fake profiles, used to convince us that this is a genuine offer. You may be asking, what harm will it do if I share it? Simply, you are distributing the phishing attack to your friends and family, potentially leading them to reveal sensitive personal information to a criminal.

Top tip: If it seems too good to be true, it probably is. Never reveal personal information or financial information. Visit Get Safe Online for more information on how to safe on social media.

Finally, I would suggest checking to see if your email has been released as part of a data breach. The website have i been pwned? enables you to do just that. I have two email accounts. One I use mainly for signing up to newsletters, reading articles online, or to sign in to public Wi-Fi. It’s been released through five breaches and does appear on the dark web with an old password I previously used.

I have another email account that I use for banking, communicating professionally and signing up for courses. This email account has not appeared on a breach, probably because I am more aware of how I use that email account. If your email account appeared on a breach, change the password. Once again, Get Safe Online has some further guidance on this.

Top tip: Use a password manager tool to help keep store of passwords and help create new ones for every different site you use.