Technology
The dangerous intersection of people search sites and scams
It’s no secret cybercriminals thrive on personal information to pull off scams, commit bank fraud and engage in identity theft. But did you know that a lot of the information they need is readily available on people search sites? It might surprise you to learn that these companies gather and sell your personal data — everything from your contact details to information about your family — often without you even realizing it.
What’s more, this data can become even more vulnerable to breaches simply by being stored on these sites. For instance, I recently discussed an alarming incident where 2.7 billion records were stolen from a background search site called National Public Data and then shared for free on a cybercrime forum.
Having your personal information floating around on these people search sites and data broker databases significantly increases your risk of falling victim to scams. But don’t worry. I’ll dive into the details of how this happens and, more importantly, what you can do to protect yourself and stop it.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
Illustration of a cybercriminal at work (Kurt “CyberGuy” Knutsson)
Cybercriminals exploit people search sites for personal data
People search sites like Whitepages, Spokeo and BeenVerified are designed to help users find and connect with others, but they’ve become a goldmine for cybercriminals. Despite warnings against using the data for stalking, harassment or harm, these sites offer a wealth of information that can be exploited by malicious actors.
Scammers can access a wide range of personal details, including addresses, phone numbers, email addresses, birthdates, family information, employment history and even religious beliefs or political affiliations. They can also find property records, court and police records and information about hobbies and interests.
This comprehensive data allows cybercriminals to build detailed profiles of potential victims, making it easier to craft convincing scams or carry out identity theft. The abundance of personal information available through these sites poses a significant risk to individuals’ privacy and security.
A woman is upset about her personal information being online. (Kurt “CyberGuy” Knutsson)
3 ways scammers use people search sites
Let’s talk about how scammers are using people search sites to find their next victims. It’s pretty alarming, but understanding how this works can help us stay one step ahead.
1. Finding victims
Cybercriminals can easily browse people search sites to dig up information about random individuals. They can look up names and uncover a treasure trove of details — like email addresses, phone numbers and other contact info. This is where things start to get a bit dicey.
WHAT IS ARTIFICIAL INTELLIGENCE (AI)?
2. Profiling victims
Once they have access to this information, scammers can create detailed profiles of their targets. They might find out about someone’s job history, whether they have kids or even if they’re single and looking for love. They can also determine if someone is elderly, which can make them more susceptible to confusing tech jargon. Research indicates that a staggering 60% of cybercrimes against seniors — who are particularly vulnerable — are at least partly fueled by the personal information available online, often through data brokers and people search sites.
3. Putting the plan into action
With all this information in hand, scammers can launch targeted phishing attacks to trick victims into revealing sensitive information. They can create scams designed to steal money or even commit identity theft. There are countless stories of individuals falling prey to these scams and losing their identities.
In many cases, the scammers likely sourced their information from people search sites. In some shocking instances, certain data brokers — like Epsilon, Macromark and KBM — have been caught red-handed selling personal information directly to scammers, giving them the tools they need to exploit vulnerable individuals.
A person using a people search site on their laptop. (Kurt “CyberGuy” Knutsson)
MOST TARGETED CITIES FOR TRAVEL BOOKING SCAMS
4 ways to keep your personal information off people search sites (and away from scammers)
With the threat data aggregators like people search sites pose, it’s definitely a good idea to keep your information off their databases. While it won’t put a definitive stop to scammers, it will make it harder for them to find the information necessary to target you. It will also limit the number of places your data can be found online, thereby reducing the chances of it ending up in a data breach. That said, removing your information from people’s search sites can be easier said than done. It’s not impossible, though. Here’s what to do.
1. Track down and opt out from people search sites that sell your data
The first and most obvious step is to track down people search sites that sell your personal information and make them remove it. Fair warning: This requires a time commitment and ongoing maintenance.
You’ll first have to look up your own name, phone number, email address or home address on any popular search engine. You’ll likely see a bunch of people search sites in the search results. From there, you go through the results pages, visit each website that shows up and send individual opt-out requests to each one.
Since they refresh their databases often, most people search sites will add your personal information again after some time, though. So if you want to keep your data offline, you’ll have to check back every few months and remove it again.
If you have a few bucks to spare, I recommend using an automated personal information removal service. These services remove your data from people search sites and tons of other data broker types. Check out my top picks for data removal services here.
2. Limit the number of online tools and services you use
You should also exercise some good digital hygiene practices. Like being more discerning about the online tools and services you use. Many of them actually harvest your personal information and sell it to third parties, including people search sites and data brokers.
Even something as seemingly benign and widely used as extensions can be leaking your data online. A study conducted by researchers over at Incogni revealed 44% of Chrome extensions collect your personally identifiable information (PII). Even if they don’t sell it, this increases the risk of data breaches and malicious activity if the extension goes rogue.
You should reevaluate the apps, extensions and online accounts you use. Remove anything you don’t really need. For those that you do need, check the privacy policies for their data collection and sharing practices. You can always find more privacy-conscious alternatives.
3. Use throwaway emails and burner numbers wherever possible
Living in the digital age, I know it’s not really possible to go without any online tools. To sign up for most, you need to share at least an email or phone number. Unfortunately, those details are often shared with third parties, end up with people search sites and data brokers, circulate the web and ultimately result in increased spam and malicious attacks.
It’s a lot safer to use burner numbers and masked or throwaway accounts. This allows you to sign up, receive communication and maintain control of your online accounts while keeping all of the associated data and activity from being linked to your real identity.
4. Use private browsers and search engines
Browsers and search engines are another big source of data. Most of them track and share at least some of your online activity. Thankfully, there are plenty of browsers and search engines designed with privacy in mind.
I’ve previously recommended a few privacy-conscious search engine alternatives. They come with their own benefits and drawbacks but they all keep your search history private. The same goes for the browser itself.
Kurt’s key takeaways
It’s clear that while people search sites can be useful for reconnecting with friends or finding information, they also pose significant risks to our privacy and security. By taking proactive steps to protect our personal data, we can make it much harder for cybercriminals to exploit our information.
In your opinion, what should be the responsibility of companies that collect and sell personal data regarding user privacy? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Ask Kurt a question or let us know what stories you’d like us to cover
Follow Kurt on his social channels
Answers to the most asked CyberGuy questions:
New from Kurt:
Copyright 2024 CyberGuy.com. All rights reserved.