As we move towards a completely digital era in an attempt to virtually bring the world together, knowingly or unknowingly, we have lost our privacy on the way. Although this improves the quality of life, it is important to find the right balance between utilizing technology and losing privacy. You do not want a person sitting in San Francisco in front of a computer looking at your name and age and address, do you?

Citing my experiences, I want to educate you on how today’s world is fuelled by data in the name of providing better services (and sometimes, just scams). Hope this makes you aware and helps you take better decisions in such situations.

Before we begin, there is one important jargon that is used when it comes to privacy, Personally Identifiable Information (PII). NIST defines PII as “Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.”

Let’s begin.

Table of Contents

1. Photocopy++
2. Gave it up, almost
3. Free at a cost

Photocopy++

It is quite common in India to see what is called as a xerox shop, where photocopy services are offered. As the name clearly suggests, this is not something that will fetch you a lot of money. Although other services like binding or printing are offered together with this, shopkeepers resort to another model through which they could make some $$$. How about making a secret copy of whatever you take for your clients? What if that contains some confidential information, or documents? What if this could be sold to parties interested in such information? Quite scary, yes. So, be wary of what you take to the “xerox shops”.

Gave it up, almost

(Wikipedia) Social Engineering - In the context of information security, social engineering is the psychological manipulation of people into performing actions or divulging confidential information.

Thanks to my awareness about social engineering, I was able to evade a social engineering call. This is the pretext for the call I received - the guy is calling from a higher education company and wants to know whether I’d be interested in being added to a WhatsApp group for information on higher education.

Him:
*introduces and lays out the pretext*
Will you be interested in this?

Me:
Okay.

Him:
It is based on city, so may I know the city you live in?

Me:
Chennai.

Him:
May I know the pincode?

Me:
*realizes why he would need my almost-exact location for a mere WhatsApp group*
Why do you need my pincode if all you need is the city I live in?

Him:
No sir, we also need the pincode.
*continues to persuade me to reveal my pincode*

Me:
That will give away my location, sorry.

Him:
Okay sir, no problem. I will add you to the group.

I haven’t been added to any WhatsApp group until today.

Social engineering is based on exploiting various aspects of human psychology. In this case, it was curiosity. In any scenario, think and evaluate about whatever you are about to say or do. #TrustNoOne

Watch Karl Rock and Jim Browning on YouTube to get an intricate understanding of scams in India.

Free at a cost

Online shopping has made it very convenient for people to get whatever they want. One click, one swipe and that’s it - the product is at your doorstep the next day. As Indians, we love discounts, and with the vast variety of e-commerce platforms online, the search for lowest prices is endless.

This was a scenario where Company X sells products at a cheaper price (~₹50) than the market. To make orders, you had to register an account with your details such as name, phone-number, email, address. Just the usual information, isn’t it? Well, for certain people, this kind of information can be huge. Upon closer inspection, I realized that the website doesn’t allow you to modify some details once you enter them. While the website loses ₹50 to its over-the-table customers, it gains a lot from selling the data to its under-the-table customers.

Imagine a stranger gives you an offer - ₹50 in exchange for your name, phone-number, email and address. Would you do it? Of course, not. This is the exact scenario with the e-commerce website as well, do not be blinded by lower prices. Keep your information private unless absolutely necessary and refrain from registering accounts all over the place. It will definitely come back to bite you sooner or later.