Why is my personal mobile number being asked indiscriminately?
The legal definition of Privacy is “A person's right to control access to his or her personal information”.
It is my right as an individual to determine what information I would like others to know about me, who can know that information, and when those people can access it.
I should take care (based on basic due diligence) that every product / application I use gives me confidence that my privacy is not compromised, and that it gives me the authority and the permission to choose what I share and with whom. This will ensure that transactions done by me are not done at the cost of my privacy and security, and instead support these two attributes.
Nowadays, most organizations (whose products or services touch my life on a day-to-day basis) have conveniently assumed that my phone is my second-factor authentication instrument. This includes online purchases and purchases made by visiting the shop.
Some petrol pump outlets, toll plazas and social gathering events in public places constantly attempt to solicit my number under one pretext or another: freebies (a complimentary water bottle), free magazines, lucky draws etc.
Of late, cell phone numbers are indiscriminately and increasingly used as authentication instruments. Not only that, this number, which is so personal and private to me, is also being shared with third parties without my consent.
I am quite alarmed when people share their mobile numbers casually and without any inhibition with whoever is asking, without even batting an eyelid – “sure, please take it”. I am put to hardship (at times) when I don’t share my mobile number in the first instance while making purchase-related payments.
A casual glance at the count of soliciting agencies (for my number) or demanding agencies (for authentication) easily runs to about fifty.
Let me take for analysis 3 such sample interfaces where I share my mobile number and let us deduce what pattern of information can be constructed.
- Pharmacy
- Dress Purchase
- Grocery Store
Example 1 - Pharmacy
Basic analysis of the above data reveals
1. Family composition, diseases manifest in the individual or family, medicines being consumed etc.
2. Their chances of childbearing (based on age, current suffering inferred from diseases diagnosed, medicines consumed etc.).
3. The ideal time when the spouse can attempt ‘getting pregnant’ (this can even be predicted).
Example 2 - Purchase of Dresses
Basic analysis of the above data reveals
1. An individual’s style and preference, his / her employment background, payment preference (credit card / cash) etc.
2. Their religion, community, number of family members etc.
3. Their ‘native’ place
- Their behavioural pattern (based on the native place, community details, dress preferences)
- Temperament (e.g. easily provoked, aggressiveness, ‘cut-throat’ approach to business) etc.
Example 3 - Grocery Store
Basic analysis of the above data reveals
1. An individual’s place of stay and number of family members.
2. Single parent households,
3. Elderly people living alone,
4. Their preferred time of delivery of grocery items (can be linked to planning to con elderly people on the pretext of goods delivery)
- ‘Health consciousness’ (based on the groceries ordered)
- Pets at home
- Diseases / ailments at home (based on specific groceries being ordered)
The three examples cited above, when subjected to basic analysis of the purchases made and the payment method, give an extraordinary insight into the life and psyche of the purchaser.
The analyst (who has the purchase bills from these three entities) has the requisite data to arrive at the personality of the individual, his family composition including pets, and to predict his lifestyle, family’s health condition, travel plans etc.
Further analysis will help the analyst predict happenings in the family to a greater degree of accuracy.
While the traditional definition of hacking relates to “unauthorised access to network, IT resources and information”, there is a general misconception that the term hacking is used only when there is an intrusion into the networks of big organizations, banks, data centres etc. leading to leakage or loss of information. It need not necessarily be so. When we study the information culled out of the three cases mentioned above, reconstruction of “meaningful personal information” based on analysis also constitutes leakage of private information (which I think is very close to me) or loss of privacy.
This data, when shared with telemarketers, will help them bombard the individual with calls focusing on areas of interest / health concerns, surprising the individual and thereby creating an element of worry and fear with respect to his / her safety and security.
There is an equal chance that the same data / information landing in the wrong hands can make my life miserable (as my peace of mind is lost due to misuse of data or information).
Sounds scary, doesn’t it?
So, what should I do?
Think before you share your information
- What personal data of mine is being collected (by the vendor / agency)?
- Why do they need this information? How is it going to be used?
- With whom will my personal data be shared?
- When and how will the ‘data collected’ be deleted?
- How long will they keep my data?
- How are they securing my data?
Conclusion
I hope you enjoyed this article and that it is useful to everyone in finding out how our information is shared. My sincere thanks to Vaidyanathan Rajan, Senior Consultant - IARM Information Security, who shared this fantastic and informative article. Also, know more about Email Spoofing.
Thanks & Regards
Andrew