This week I have been teaching one of my favourite topics
Social Engineering. If you are not familiar with the topic, social engineering is the act of
abusing human psychology to take advantage of a persons natural tendencies and emotional reactions in order to trick then into making security mistakes or giving away sensitive information.
As part of the series we also explored
open source intelligence (OSINT) which is a method often used by hackers to collect information from public sources in order to build a detailed profile about a victim.
While it can be quite concerning to learn how easily hackers can find information about us, the good news is, we can use the same techniques to hunt down our digital footprints and secure or remove old accounts we have forgotten about.
A good place to start is to search for old social media accounts we have left dormant, with potentially sensitive information, and weak or reused passwords. There are several websites we can use to do this (Whatsmyname , Namecheckup ), the best of which is NameChk which will return a list of all platforms where our specified username has been registered. It is worth noting that some returned results will be false positives, either other peoples accounts (using the same username) or links to accounts that have already been terminated and no longer exist. These can all be ignored.
Once you have a list of old accounts which you no longer use, I suggest the following strategy:
- Login and change the password to a new, strong, unique password stored in your password manager (see article)
- Download any data you wish to keep e.g. photographs
- Delete all data from the account, and where possible change the personal information to some kind of alias or pseudonym. This is a grey area, but is generally fine, as long as within the intrinsic nature of the alias there is no false or misleading information, mentioned or implied, meant to defraud someone.
- Upload some garbage data e.g. random photographs or posts (this step is optional)
- Finally, leave this account running for a few weeks to allow google to update its servers, and then request to fully delete the account.
While this strategy might sound a lot of work, especially if you have a lot of old accounts, it is the best way to remove old footprints and take back control of your online presence.