The boring stuff
Seeing everyone post their COVID-19 stimulus checks on social media reminded me of the gray area between hacking and social engineering: the malicious side of data mining.
Before starting my company, I did a small stretch consulting financial institutions on corporate espionage, i.e., stealing commercial secrets. I guess I should clarify: my role was to help them avoid having their secrets stolen.
However, you cannot fundamentally teach someone about vulnerabilities unless you show them the vulnerabilities up front. My colleagues in the computer security world call this “pen testing,” though this doesn’t even come close.
We often don’t realize how much even the most trivial bits of information we share can tell others about our personal lives. When protecting information, it’s natural to focus on the blatant and the obvious, but we often overlook the little things that are less apparent.
Take that COVID-19 stimulus you may or may not have gotten. If you got it, great; it’s probably best to keep that information to yourself. Even sharing the fact that you have or have not received a stimulus check can tell others a lot about your financial background. Posting the check on social media? Well, that’s just asking for trouble.
I was curious to see how much salary data one could pull on someone else just by the dollar figure of their stimulus check, and a couple of tax-related variables. Since people are posting it on social media, it’s not a stretch to figure out whether they’re married and have kids.
The calculator below does just that. Type in a stimulus check amount, marital status, and number of kids, and you get annual income. I didn’t make this because I was nosy, but to show people how easy it is to learn something about you that may or may not be personal. I could tell you all day not to share this stuff on social media, or why it’s important to have strong passwords and two-factor authentication, but it doesn’t resonate the same until you see the effects up front.
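To make the leak concrete, here is an added sketch of the inference described above; it is not the author's calculator. It assumes the first-round (CARES Act, 2020) payment rules, and the function names and the head-of-household status are choices made for this example.

```python
# Added illustration; assumes first-round (CARES Act, 2020) payment rules.
BASE = {"single": 1200, "head_of_household": 1200, "married_joint": 2400}
PHASE_OUT_START = {"single": 75_000, "head_of_household": 112_500,
                   "married_joint": 150_000}
PER_CHILD = 500
# The payment shrinks by 5% of AGI above the threshold: $1 lost per $20 of income.
AGI_PER_DOLLAR_LOST = 20


def full_payment(status, kids):
    """Payment before any income-based reduction."""
    return BASE[status] + PER_CHILD * kids


def infer_agi_range(amount, status, kids):
    """Return (low, high) adjusted gross income consistent with a payment.

    high is None when the amount only reveals a lower bound.
    """
    full = full_payment(status, kids)
    start = PHASE_OUT_START[status]
    if not 0 <= amount <= full:
        raise ValueError("amount is not possible for this household")
    if amount == full:
        # A full payment only says income was at or below the threshold.
        return (0, start)
    agi = start + (full - amount) * AGI_PER_DOLLAR_LOST
    if amount == 0:
        # No payment: income is at least the point where the payment hits zero.
        return (agi, None)
    # A partial payment pins income down to a single figure.
    return (agi, agi)


if __name__ == "__main__":
    # Constructed sample posts: (amount shown, filing status, children).
    posts = [(1200, "single", 0), (700, "single", 0),
             (2900, "married_joint", 2), (0, "married_joint", 2)]
    for amount, status, kids in posts:
        low, high = infer_agi_range(amount, status, kids)
        upper = "no upper bound" if high is None else f"${high:,}"
        print(f"${amount:>5} {status:<14} kids={kids}: ${low:,} to {upper}")
```

A partial payment is the most revealing case because it maps to one income figure, while a full payment or no payment at all only bounds income from one side.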
Sure, you may not care much if your “private” social media friends find out how much money you make, but keep in mind most social media companies make their money from your data. Maybe I can’t see your “friends only” posts, but you’d be stupid to think advertisers don’t have some level of access to the information within those posts.
Best case? You sheepishly grin once your buddies find out you’ve been pulling six figures while claiming money is tight every time the bar tab comes along. Or maybe that person you started seeing will begin to question whether you really are a NASA astrophysicist turned Goldman Sachs investment banker. Who knows?
But the worst case? An identity thief looking for some quick cash flow. A health insurance investigator wanting to raise your premiums. A lender deciding your interest rate. Even the electronic cookies from that online house plant delivery shop that seemed to raise prices out of the blue. That stimulus check amount, or lack thereof, tells the world a lot of information about you, information that’s probably best kept a secret.