What You Can Learn About Cybersecurity From Snooping on Your Crush Online

Sharing passwords

We may not be proud of it, but most of us have creeped on a crush or ex online when curiosity got the best of us. Here’s how to turn it into a lesson rather than—like your therapist told you— an unhealthy waste of time. 

Even if you had resolved to limit your cyber-snooping once the new year began, as we edge closer to Valentine’s Day, that resolution may be put to the test. Unless your former S.O. lives off the grid or is savvy enough to remain incognito online, a search will probably yield some personal information about them. And while that may be great for satisfying our curiosity, it forces us to confront the idea that if we’re out there googling our Tinder matches, our Tinder matches are probably googling us, too. (The nerve!) So this Valentine’s Day we’re asking the question: Do we make ourselves too vulnerable to desktop gumshoeing? 

From a social standpoint, the amount of information you’d like to put out into the world is entirely up to you. From an online security standpoint, however, there are risks to going public with our personal information. 

Here are the lessons to take away from cyber-snooping on your ex or crush. (See? You were being productive!) 

Posting personal information may make you more susceptible to phishing and spear-phishing scams

Phishing, an exceedingly common online scam, is targeted toward individuals vs. a business or data repository. Phishing refers to the practice of scammers posing as legitimate entities (like DHL or Amazon) and indiscriminately sending out batches of fake emails in order to trick you into clicking a malicious link or revealing passwords or financial details. Spear-phishing is the far creepier version. In a spear-phishing scam, hackers may use personal information about you to pose as a friend, colleague, or family member. Public posts on social media could be fodder for these hackers. 

For example, if you post a picture of you and a friend at your favorite lobster shack in the Hamptons, a hacker could pose as your friend and request a Venmo payment for lobster rolls. Or they could send you an email posing as the lobster shack, saying that your credit card was declined, so if you could please call them to pay over the phone, that would be great. 

While there are different reasons to maintain a public profile online, it doesn’t hurt to comb through your posts for gratuitous personal information. (Or just take this as a sign to finally get around to updating your social media privacy settings to “Only Friends” wherever you can!)

Public Venmo accounts can be dangerous in the wrong hands

In the past we’ve covered whether or not you should keep your Venmo private. TL;DR: you should. You might scope your new crush’s recent transactions to see if they’re buying anyone flowers or dinner on or around February 14th—so what sort of information can a hacker gather? Consider this: Venmo feeds reveal a lot of personal information, including the device you use, whether or not you sell or buy illegal substances, and who you live with if you pay them monthly for bills through Venmo. Hackers can use this for spear phishing, blackmail (in the case of illegal substance transactions), and to hack your credentials. Because of their public API, it’s easy for hackers to find information on many Venmo users at once. 

Your email and phone number might be (too) easily searchable

For many professionals, personal and portfolio websites might mean the difference between getting a job or not. If we want people to contact us through our websites, we’re likely to include our email address and phone numbers. Because personal websites usually come up within the first few results of typing a person’s name into Google—as you probably already know from playing Nancy Drew before a date—a hacker will have similar luck trying to dig up your personal information. We’re often liberal with where we enter or share our email, which means that we should be equally vigilant in response when it comes to evaluating any unfamiliar emails (or texts or DM’s for that matter) that we receive. Double check email addresses and names of senders (bad actors may slightly change a letter or number of an existing email), and if you follow any links to third party websites, triple-check the URL to make sure it’s correct before entering any of your credentials or personal information.

Your current job and work history are potentially useful to hackers and scammers

One of the most compelling things to research about a potential love connection if we don’t know already is where they work. This could provide clues as to lifestyle compatibility, expertise and interests, stability of income—or perhaps a salacious reason for a recent firing. While there’s nothing inherently unsafe about creating a LinkedIn profile (similar to a website, it might be a necessity when it comes to job-hunting or being part of a company), there is potentially damaging information a hacker can glean from your profile. 

An article from the F-Secure Blog explains that hackers may use LinkedIn profiles to gain information about employees and build a rapport in order to pull off a social engineering attack on a business. If they’re able to track down names and email addresses of employees, they may then use the job description in your profile to craft a targeted email from a fake employee or business connection. The email may contain a malicious document or a link to a third-party site that steals your credentials. 

If you’re an IT admin, you may already be familiar with ways to test your employee’s knowledge of common scams, and how to avoid them

The bottom line

As a general rule, think, “If I can see this on their profile, a hacker can see this on mine.” While it’s nearly impossible to opt out of sharing information online today, it’s never a bad idea to protect your sensitive data by locking down your privacy settings on social media, having strong passwords, staying on the lookout for “phishy” emails and messages, and using added protection like two-factor identification to access your accounts. 

Now, happy hunting!

    Diva Hurtado

    Diva Hurtado is a Product Manager at Dashlane. She started her career in tech by founding a large-scale hackathon, HackFSU, while attending the University of Florida. From there, she jumped into mobile gaming, leading teams in creating educational games for iOS and Android. Now at Dashlane, she works to create experiences that make digital security accessible to everyone.

    Read More