Blogging can Affect Your Security

Blogging has become a common activity among computer users, regardless of age or profession.




/* Style Definitions */
{mso-style-name:”Table Normal”;
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-fareast-font-family:”Times New Roman”;
mso-bidi-font-family:”Times New Roman”;

However, simply writing on various personal issues can impact on users’
security and can expose them to extra security risks related not only to
privacy, but also to identity theft and account balance.

Many bloggers have abundantly written on topics such as favorite music
or movie artists, love, hobbies and other various topics that apparently can
hardly pose any risk. It’s extremely easy to write on such topics, or to share
different experiences with readers, but at the same time, bloggers might expose
enough data for malicious persons to carry out a successful phishing or vishing
(the phone equivalent of phishing) attack.

In order to better explain these risks, let’s take into account the
following scenario:  a blogger buys
himself / herself a new, more efficient & intelligent mobile phone. It can
open PDF documents, it has Wi-Fi connectivity (or at least, it can connect via
GPRS to a blog, in order for its owner to fuel it with new material while
travelling). Suddenly, the above-mentioned blogger feels the urge to brag about
it on the blog in a more personal manner.

I have just purchased a new mobile phone in order to do some on-the-fly
posting with the newest things that come across my life. I got my new
[brand-goes-here] yesterday from [mobile company]‘s shop. You would not
believe how excited I am. I’m the coolest of you all

Next on, imagine that the post above ends up read by the wrong person,
who then calls the blogger back impersonating one of the [mobile company]‘s employees. Bloggers who
have registered their own domain names usually have their phone number listed
in the registrar’s database.

Hi there, sir! I am [name] of
[mobile company], and I’d like to
ask you a couple of questions about your
handset you purchased yesterday from
But first, I’d like you to confirm your identity. Please state your SSN, birth
date and address

This is only one of the scenarios that can lead to massive identity
theft.  As a rule, the more you say about
yourself, the easier for the attacker to guess other details. Talking about
favorite food, actors and day-to-day activities may be a good starting point
for attackers to guess the e-mail password, or to fill in the necessary info to
recover the allegedly lost password from one’s mail account.

Installing and activating a good anti-malware security suite is one of
the first steps to follow in order to protect one’s online identity. Some
security products come with antiphishing protection that alerts the user if the
site they are about to visit is illegitimate or might pose a security threat. Bloggers
are advised to keep their posts free of excessively personal information, because
everything they say can and will be used by attackers to trap them.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.