Login
Data Privacy Week is here, and there’s no better time to shine a spotlight on one of the biggest players in the personal information economy: data brokers. These entities collect, buy, and sell hundreds—sometimes thousands—of data points on individuals like you. But how do they manage to gather so much information, and for what purpose? From your browsing habits and purchase history to your location data and even more intimate details, these digital middlemen piece together surprisingly comprehensive profiles. The real question is: where are they getting it all, and why is your personal data so valuable to them? Let’s unravel the mystery behind the data broker industry.
Data brokers aggregate user info from various sources on the internet. They collect, collate, package, and sometimes even analyze this data to create a holistic and coherent version of you online. This data then gets put up for sale to nearly anyone who’ll buy it. That can include marketers, private investigators, tech companies, and sometimes law enforcement as well. They’ll also sell to spammers and scammers. (Those bad actors need to get your contact info from somewhere — data brokers are one way to get that and more.)
And that list of potential buyers goes on, which includes but isn’t limited to:
These companies and social media platforms use your data to better understand target demographics and the content with which they interact. While the practice isn’t unethical in and of itself (personalizing user experiences and creating more convenient UIs are usually cited as the primary reasons for it), it does make your data vulnerable to malicious attacks targeted toward big-tech servers.
Most of your online activities are related. Devices like your phone, laptop, tablets, and even fitness watches are linked to each other. Moreover, you might use one email ID for various accounts and subscriptions. This online interconnectedness makes it easier for data brokers to create a cohesive user profile.
Mobile phone apps are the most common way for data brokerage firms to collect your data. You might have countless apps for various purposes, such as financial transactions, health and fitness, or social media.
A number of these apps usually fall under the umbrella of the same or subsidiary family of apps, all of which work toward collecting and supplying data to big tech platforms. Programs like Google’s AdSense make it easier for developers to monetize their apps in exchange for the user information they collect.
Data brokers also collect data points like your home address, full name, phone number, and date of birth. They have automated scraping tools to quickly collect relevant information from public records (think sales of real estate, marriages, divorces, voter registration, and so on).
Lastly, data brokers can gather data from other third parties that track your cookies or even place trackers or cookies on your browsers. Cookies are small data files that track your online activities when visiting different websites. They track your IP address and browsing history, which third parties can exploit. Cookies are also the reason you see personalized ads and products.
Data brokers collate your private information into one package and sell it to “people search” websites. As mentioned above, practically anyone can access these websites and purchase extensive consumer data, for groups of people and individuals alike.
Next, marketing and sales firms are some of data brokers’ biggest clients. These companies purchase massive data sets from data brokers to research your data profile. They have advanced algorithms to segregate users into various consumer groups and target you specifically. Their predictive algorithms can suggest personalized ads and products to generate higher lead generation and conversation percentages for their clients.
We tend to accept the terms and conditions that various apps ask us to accept without thinking twice or reading the fine print. You probably cannot proceed without letting the app track certain data or giving your personal information. To a certain extent, we trade some of our privacy for convenience. This becomes public information, and apps and data brokers collect, track, and use our data however they please while still complying with the law.
There is no comprehensive privacy law in the U.S. on a federal level. This allows data brokers to collect personal information and condense it into marketing insights. While not all methods of gathering private data are legal, it is difficult to track the activities of data brokers online (especially on the dark web). As technology advances, there are also easier ways to harvest and exploit data.
As of March 2024, 15 states in the U.S. have data privacy laws in place. That includes California, Virginia, Connecticut, Colorado, Utah, Iowa, Indiana, Tennessee, Oregon, Montana, Texas, Delaware, Florida, New Jersey, and New Hampshire.[i] The laws vary by state, yet generally, they grant rights to individuals around the collection, use, and disclosure of their personal data by businesses.
However, these laws make exceptions for certain types of data and certain types of collectors. In short, these laws aren’t absolute.
Some data brokers let you remove your information from their websites. There are also extensive guides available online that list the method by which you can opt-out of some of the biggest data brokering firms. For example, a guide by Griffin Boyce, the systems administrator at Harvard University’s Berkman Klein Center for Internet and Society, provides detailed information on how to opt-out of a long list of data broker companies.
Yet the list of data brokers is long. Cleaning up your personal data online can quickly eat up your time, as it requires you to reach out to multiple data brokers and opt-out.
Rather than removing yourself one by one from the host of data broker sites out there, you have a solid option: our Personal Data Cleanup.
Personal Data Cleanup scans data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites. And if you want to save time on manually removing that info, you have options. Our McAfee+ Advanced and Ultimate plans come with full-service Personal Data Cleanup, which sends requests to remove your data automatically.
If the thought of your personal info getting bought and sold in such a public way bothers you, our Personal Data Cleanup can put you back in charge of it.
[i] https://pro.bloomberglaw.com/insights/privacy/state-privacy-legislation-tracker/
The post How Data Brokers Sell Your Identity appeared first on McAfee Blog.
Something looks a little…sketchy. Is that website safe or unsafe?
Nowadays, it can take a bit of work to tell.
And that’s by design. Increasingly, hackers and scammers go to great pains when they create their malicious websites. They take extra steps to make their sites look legit, when in fact they’re anything but. Certainly, plenty of other hackers and scammers slap together malicious sites that still look a bit roughshod, which makes them easier to spot.
So whether it’s a clever knockoff or a slapdash effort, unsafe websites of all kinds have several telltale signs you can spot. We’ll show you, and let’s start things off with what makes an unsafe website unsafe in the first place.
Unsafe websites typically harbor one of two primary forms of attack—yet sometimes both:
Malware: Hackers will use their sites to install malware on your device, often by tricking you into clicking or tapping on a download. They might tempt you with an offer, a prize, a show to stream—just about anything you might want to otherwise download. (Recently, we saw hackers installing malware on sites that offered to stream dubbed versions of the “Barbie” movie.)
Phishing: Another classic attack. Phishing involves scammers who try to hoodwink you into providing account or financial information. Common ruses include links in emails, texts, and DMs that appear to be urgent messages from streaming services, banks, social media, and other accounts. Of course, those messages are phony.
As a result, unsafe websites can lead to some not-so-good things.
On the malware side, attackers can install spyware and similar apps that siphon financial and personal information from your device while you’re using it. Other malware might steal files outright or maliciously delete them altogether. Ransomware remains a major concern today as well, where attackers hold devices and data hostage. And even if victims end up paying the ransom, they have no guarantee that the attacker will free their device or data.
Phishing attacks often lead to financial headaches, sometimes large ones at that. It depends on the information scammers get their hands on. In some cases, the damage might lead to identity fraud and a few illicit charges on a debit or credit card. If scammers gather enough information, they can take that a step further and commit identity theft. That can include opening new credit or loans in your name. It could also give a scammer the info they need to get driver’s licenses or employment in your name.
Above and beyond committing fraud or theft on their own, scammers might also sell stolen information to others on the dark web.
Again, all not-so-good. Yet quite preventable.
For some sites, it only takes one sign. For other sites, it takes a few signs—a series of red flags that warn you a site is unsafe. When you’re online, keep a sharp eye out for the following:
The site uses HTTP rather than HTTPS
The “s” stands for “secure.” Specifically, it means that the website uses SSL (Secure Sockets Layer) that creates an encrypted link between a web server and a web browser. SSL helps prevent others from intercepting and reading your sensitive information as it’s transmitted, which is particularly important when you shop or bank online. Likewise, you can also look for a little lock symbol in the address bar of your web browser. That’s one more way you can spot a site that uses SSL.
The site has a combination of typos and poor design
From spelling errors and grammatical mistakes, to stretched-out logos and cheap photography, some unsafe websites are designed poorly. Legitimate businesses pride themselves on error-free and professional-looking sites. If a website looks like it got cobbled together in a hurry or doesn’t seem to be well-designed, that’s usually a red flag. The site might be unsafe, created by attackers who don’t have strong attention to detail—or the creative capabilities to create a good-looking website in the first place.
The web address looks altered or off
Plenty of unsafe sites are imposter sites. They’ll try to pass themselves off as a legitimate company, like the streaming services, banks, and so forth that we mentioned earlier—all to get a hold of your account information. With all these imposter sites in play, look at the site’s address. Scammers will gin up web addresses that are close to but different from legitimate sites, so close that you might miss it. If you’re uncertain about the address, leave the page. Also, note that many companies have web pages that provide lists of the official addresses that they use. Amazon provides an example, and we do the same here at McAfee. Reviewing these lists can help you spot an imposter site.
The site says you have a security issue
A window or graphic pops up on your screen. The site you’re on says that it’s identified a security issue with your device. Or maybe it says that your system isn’t current. Either way, there’s a file the site wants you to download. “You can correct the issue with a click!” Don’t. It’s a classic trick. Instead of fixing your non-existent problem, the download will create one. Scammers use the security alert trick to install malware on the devices of unsuspecting victims.
The site floods you with pop-ups or links to click
A screen full of links insisting you click ranks among the top signs of an unsafe site. So much so, it’s often the subject of sitcom bits. Needless to say, the attackers behind these sites want you to click for one of several reasons. It might be to get you to download malware. It might be to generate ad revenue with clicks. Or it might be to get you to click a link that redirects you to another malicious site. In all, if you encounter a site like this, close your browser. And then run a system scan with your online protection software.
The site offers hard-to-get items at an outrageous discount
These unsafe sites sprout up around the holidays and gift-giving seasons. When stores run low on particularly popular or hot items, scammers will quickly launch sites that claim these items are in stock and ready to ship. Similarly, they might promote popular items at a deep discount. Of course, shopping at these sites will likely lead to one thing—a credit card charge and no item on your doorstep. Be wary when you see ads for stores in your social media feed, in search, and elsewhere. Stick with known, trusted retailers. (And for more on shopping safely online, give this article a quick read.)
The site promises access to hot shows, movies, and sporting events
These sites bear similarities to malicious online shopping sites. When popular movies hit the big screen or major sporting events come around, so do scam sites that promise to stream them for free or at a low cost. Avoid them. Trusted streamers will only carry shows and events that they have the rights to. If you find an offer to stream something that’s heavily discounted, free, or not available on known media outlets, it’s likely a scam. At the very least, it might serve up pirated content, which could carry malware threats along with it.
The site promotes prizes, coupons, or a quiz
Not every site that promotes some kind of giveaway or deal is a scam. Yet the ones that ask for personal or financial information likely are. Scammers prey on people’s love for saving money or even winning a buck or two. Enter the prize, coupon, and quiz sites. Malicious prize and coupon sites will often ask for credit or debit card information, often under the guise of a payout or a discount. Malicious quiz sites will likewise ask for all kinds of personal information, typically questions about the name of your pet, the first car you owned, or where you went to school. The questions share much in common with the security questions used by banks and credit card companies. Handing this information over could lead to a breached account. Give these sites a pass.
Comprehensive online protection software like ours includes web protection that can spot malicious sites for you. It has further features that can prevent downloading malware by accident, not to mention strong antivirus protection if a hacker makes their way through to you. In all, it gives you extra confidence that wherever your travels take you online, you’re protected from sketchy and unsafe sites.
However, another part of your best defense against unsafe websites is you. Knowing what the red flags are and the kinds of information hackers want to steal can help you avoid their attacks from the start.
The post How to Tell Whether a Website Is Safe or Unsafe appeared first on McAfee Blog.
FreshRSS 