Background
While human has enjoyed the favourable achievements in information technology, the significant development of digital technology has provided many advantages to the users, including live video chat with other persons in different locations, convenient online shopping, and virtual team to conduct project or researchers. One of the key basic things to use these functions during digital age is to create a personal account with private information, containing phone numbers, email address, birth date, and other relative information (Valliant 2020). While creating personal accounts, users could then utilise their account name and password to login to normally use the functions of the websites or applications. Anderson (2017) mentioned that privacy for users not only included account details, but also include the information of viewing history or any payments made or even online text chats or video chats.
Privacy in digital age (Andersson, 2017)
Speaking about the term, privacy, Marwick & Boyd (2018) has mentioned that the term of privacy was not only the restriction of personal data, but also the ability to control what data would be accessible by others. Apparently, by providing personal details in the portfolio, users could determine what information could be reviewed by others. For instance, job seekers could make their resume available for HR to review, which has covered many private information. However, Acosta (2022) mentioned that although many users have enjoyed the attractive features of different tools in digital space, they did not realise that their private information has been in danger, considering the existence of numerous virus and vulnerable nature of the configuration and coding system of the website and applications.
This blog will discuss what are the treats to privacy, following the discussions to potential influence of the threats, and this blog will also have discussions to a case study to further explain threats to privacy
Potential threats to privacy in digital age
Potential threats to privacy (Salie, 2017)
Beginning with potential threats to our digital privacy, while we use the internet via mobile phone or the personal computer, the hidden threats behind different websites, links, or unknown links threating our privacy are not fully aware by many individuals and employees. Salie (2017) has summarised several threats to individual privacy, including tempering, phishing attacks, electronic deception, unauthorised access, and virus spreading.
- Tempering: the tempering, simply speaking, is that attackers will intercept online message package to modify, delete, and insert fake information in the original message, then they will send forged information to the receiver, where the forged information will mislead receiver to do something to benefit the attackers.
- Phishing attacks: in general, phishing attacks are that attackers will plant small and malicious programme via a link, and the link will be sent to users with an email or message to pretend a message of prize notice. Once the users click on the link, the planted programme would start to install malicious applications or to steal private data from the users. An example could be this, say, you just receive a message from Myers or David Jones that you have be nominated to an anonymous award, and you just click on the link at the end of message. However, although you have closed the page containing nothing on but just some advertisements, the hackers have already started to steal your sensitive data, or even know your bank details to take your money.
- Electronic deception: some attackers will pretend themselves to be other persons to perform the network attack to steal privacy form others, where some hackers could also counterfeit the legitimate users’ identity to attack legal organisation, such as banks or post to get benefits, while hiding themselves by using others’ identity. In general, if you find that your credit card has been used by a stranger, and you call the police immediately. However, police may mislead by the attackers to go to different locations to find the criminal, and they have just run away.
- Unauthorised access: in the term, unauthorised access, this threat to privacy refers that attacker could access and copy your private information by creating monitoring programme without your permission. Once the attackers have obtained the private data, they could then conduct other illegal behaviours. For instance, if a hacker gets an employee’ login details, the hacker could then attack the company or copy more private data to sell them to that company’s arch-enemies to gain personal benefits.
- Virus spreading: virus spreading was more commonly known term, since the virus attack has been reported numerous by TV shows, newspapers and other medias. The key mechanism of virus is that hackers have designed and coded malicious programmes into an advertisement on a webpage to send files, an inconspicuous file at some applications, or even hiding at an installation package, after the malicious file has been released, it could automatically steal your personal information or even lock on your computer, which requires you to pay money to get your computer unlocked. For some extremely violent virus, it may be designed to ruin your computer,
The negative effects of threats to privacy
Moving on to the discussion of the negative effects of potential threats to privacy, apparently, the very first issue will be related to personal property loss. Imaging that, if a hacker has created a malicious virus, which could automatically steal the information or destroy the functions of your system, and you just incidentally activate the file with virus or the link, your computer or phone will be immediately infected. The first negative effect is that your private device has been monitored or your information has been taken, resulting in serious consequence of data leakage and the second negative effect is that your device could be locked or destroyed if the attacker is conscienceless. In worse case, the hackers may ransom the person they have attacked for personal benefit, where the victim should pay the money to get the device restored or back to initial state.
Talking about the potential effects to organisational level, it would cause significantly economic loss to the victim company. When a company has been attacked by hackers, that company will firstly lose their private data or even the company’s website is interrupted. If the private data is leaked, the victim firm will face serious price that their customers could sue them to compensate their loss and the management team should pay more prices to fix this issue. Meanwhile, the data leakage will threat the company’s daily business, since all attentions should be used to mitigate the threats, rather than focusing on their daily business. In the worst-case scenario, the victim company would face situation of losing significant profit, where the company’s secret has been taken, and they need to pay significant amount of money to buy those business secrets back.
A server has been attacked (Nguyen et al. 2016)
If we consider the situation to the large scale, say, the threats coming from different illegal activities could ruin the environment of the internet. Nguyen et al. (2016) has discussed that if an internet provider’s server was captured by hackers, it eventually became a puppet machine, which would be used to infect other hosting server. As a result, the important and sensitive data of different customers including bank account details, credit card information, or even Medicare information could be stolen into transaction chain of ‘black product’. This pheromone could be worser, if there are not proper strategies taken to fix those infected servers, this infection could be spread very quickly, where more users’ privacy is at risk (Suzor 2022).
Case study – Whaling attack in digital age
Whaling attack is one of the cyberattack to gain privacy for criminal aims, where the hackers will pretend themselves as company leaders at a company to gain access of private data and the company login details. Unlike other normal phishing methods, which could be recognised when pay more attentions, waling attack is a privacy stealing method that it is highly targeted and personalised manner, and the targeted victims are difficult to detect and prevent this type of fraud. While hackers impersonate the CEO or other department leader in writing an email containing every personal information with the impersonated leader to request sensitive data from top-level workers, many of receivers would directly provide the required information, since they do not know that this is a fraud email and inevitably fall into the track.
Whaling attack (Muncaster, 2016)
Muncaster (2016) has introduced that the CEO of an Austrian aerospace manufacturer, Walter Stephan, was fired due to his apparent mistake, resulting in the financial loss of $55.8 million in a whaling attack. The Austrian company FACC, producing airplane parts for company like Boeing and Airbus, has announced that the fraud incident happened on 19th January 2016, was targeted by an email scam that external attackers has impersonated to successfully gain direct benefit of $55.8 million. After FACC has realised the financial department was attacked, Austrian Criminal Investigation Department was involved to assist the investigation of this case and successfully took back $10 million cash. However, inevitably, FACC stock has experienced a dive on 20th January 2016 after the fraud accident (Cimpanu 2016).
FACC stock dive (Cimpanu, 2016)
The case of FACC email scam is a typical example of whaling attack, where the attacker has successfully gained the authorised access to transfer a large amount of fund from FACC financial department after Walter Stephen has fell into the scam track to lead to significantly financial loss of the victim company. Eventually, due to high level of impersonating nature, many victims could recognise the hiding scam nature, but just did things as the email said. The main reason is that, since they saw this email was from his leader with direct purpose, and they had no need to phone the sender for confirmation. As a result, FACC’ financial department has been controlled to transfer large cash flow to the attacker’s account.
From this case with significant financial loss, it is apparent that both organisations and individuals should pay more attentions to protect private data during this cyberspace with fierce viruses and scams. We should do the followings:
- Be familiar with different threats: Flew (2019) has suggested that while service providers should strengthen the security level of their services, individuals should spend times to learn about different threats to avoid the track. To be familiar with different types of threats could assist to build self-understanding to face different situations involving potential fraud or scam. It is important to understand what contents have highly risks of containing virus or malicious programmes, so we could eliminate the risks of being infected by malicious contents.
- Being cautious: crucially, while we have learnt about what are the threats and where they may exist, it is very important to improve personal awareness. Sometimes, we may be curious to open links provide some message about prizes and rewards, where once we click on the link, we fall into the track by attackers. As a result, we should be very careful about any unknown links, messages, or even a photo from strangers, since the malicious contents are everywhere. The cautiousness could assist us to avoid the infections and fraud while we are using the favourable features in digital platform.
Conclusion
To sum up, this personal blog has been used to conduct discussion about threats to privacy in digital age. There are numerous threats to privacy during the digital age, containing tempering, phishing attacks, electronic deception, unauthorised access, and virus spreading. While the threats could result in significant economic loss for both individuals and organisations, it is crucial to be familiar with these threats and develop personal awareness and cautiousness against them.
Reference list:
Acosta, L. (2022). A survey on privacy issues and solutions for Voice-controlled Digital Assistants. Pervasive and Mobile Computing, 80, https://doi.org/10.1016/j.pmcj.2021.101523
Andersson, D. (2017). Is There Privacy In The Digital Age? HuffPost.con.uk, retrieved 3rd April 2022, from https://www.huffingtonpost.co.uk/dan-andersson/privacy-digital-age_b_17551302.html
Cimpanu, C. (2016). Cyber-scammers steal $ 55 million from FACC. SOFTPEDIA.com, retrieved 5th April 2022, from https://news.softpedia.com/news/cyber-scammers-steal-50-million-from-austrian-airplane-manufacturer-499224.shtml?msclkid=5132966db6d311ec965701c29f7e2c71
Flew, T. (2019). Platforms on Trial, Intermedia, 46(2), 18-23.
Marwick, A. & Boyd, D. (2018). Understanding Privacy at the Margins. International Journal of Communication, 12, 1157-1165, http://ijoc.org.
Muncaster, P. (2016). CEO Sacked After $56 Million Whaling Attack. Infosecurity Magazine, retrieved 5th April 2022, from https://www.infosecurity-magazine.com/news/ceo-sacked-after-56-million?msclkid=51321750b6d311ec8cb909a67a16b5dc
Nguyen, K., Rosoff, H. & John, R. (2016). The effects of attacker identity and individual user characteristics on the value of information privacy. Computers in Human Behaviour, 55, 372-383, https://doi.org/10.1016/j.chb.2015.09.031
Salie, E. (2017). GRC Tuesdays: Part One—Big Data Privacy Risks and the Role of the GDPR. Blogs.sap.com, retrieved 4th April 2022, from https://blogs.sap.com/2017/04/04/grc-tuesdays-part-one-big-data-privacy-risks-and-the-role-of-the-gdpr/
Suzor, N. (2022). Lawless: The Secret Rules that Govern Our Digital Lives, Cambridge University Press, 10-24.
Valliant, K. (2020). Protecting patron privacy in the academic library during the digital age. The Journal of Academic Librarianship, 46(3), https://doi.org/10.1016/j.acalib.2020.102127