Welcome to the March 2022 issue of Incognito, a monthly newsletter from DeleteMe that keeps you posted on all things privacy and security.
Here’s what we’re talking about this month:
If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter.
House prices may be soaring, but that hasn’t stopped Americans from going on a “near-record homebuying spree” during the pandemic. In fact, the sudden shift to hybrid work models combined with relatively low interest rates and pandemic savings have prompted more people to consider buying second and even third homes.
However, potential home buyers were not the only ones busy during the last few years. Amidst the chaos of the COVID-19 crisis, criminals also ramped up their activities, including identity theft. For example, in 2020, about 49 million Americans fell victim to identity theft, costing victims a total of almost $56 billion.
While identity theft is most commonly associated with drained bank accounts, few realize that as long as criminals can access people’s personal information, including their real estate data, they can also steal their homes.
In the US, the real estate recording system is based on open access. That means that any information about a home purchase is public record.
Anyone can perform a property record search to find out things like who the owner of a home is, how much they paid for it, when they purchased it, its square footage, property deeds, terms and conditions of a mortgage loan (if applicable), tax liens (if applicable), and even the owner’s personal history, like if they’re divorced or facing bankruptcy.
Real estate records are easily available.
Individuals can access this data through entities like the county courthouse, city hall, and county clerk recorder’s office.
At the very least, moving home will lead to predatory junk mail, targeted ads, and spam calls. This is because data brokers place people they know have bought a new home into “new movers” lists. These lists are frequently sold to furniture and appliance dealers, doctors and dentists, lawn maintenance services, and other businesses.
Experian, a data broker and credit reporting company, that has information on over a billion individuals, sells a “new movers mailing list” to local businesses so that they can get to “know prospective clients, including trade-up homebuyers, apartment renters, corporate climbers, and retirees.”
Identity theft. If a criminal can get their hands on your personally identifiable information, including your Social Security number, they can potentially trick a bank or a mortgage broker into thinking they are you and take out a mortgage loan in your name.
For example, in late 2021, seven individuals were sent to prison for stealing the identities of absent homeowners with no mortgages, falsifying loan documents, and opening bank accounts in their names. They then used the loan money to buy luxury cars and other expensive items.
Deed fraud. Using personal information found online, criminals can impersonate a homeowner to transfer the title of their home to themselves. While abandoned and vacation homes are the prime targets for this scam, some criminals will go after occupied homes as well. In the latter scenario, a homeowner may not realize what has happened until they go to sell the home or receive notice of eviction. In 2020 deed theft netted scammers $547 million.
Once a criminal has obtained a person’s home title, they can:
Foreclosure rescue scam. This scam starts with criminals identifying homeowners that have fallen behind on their mortgage payments through the internet or public foreclosure notices in newspapers. The criminal (or “rescuer”) then contacts the homeowner, assuring them that they can help them save their home. In the end, they usually make a profit from fees or direct mortgage payments, while the victim loses their home to foreclosure.
Our recent favorites to keep you up to date in today’s digital privacy landscape.
Apple Is Working on Air Tags’ Privacy Features After Reports of Stalking
By connecting to nearby Apple devices, Apple AirTag trackers can help people find their keys and wallets. However, they are also increasingly being used to stalk individuals without their consent and steal luxury vehicles. In response, Apple has issued a statement notifying iPhone users of upcoming software updates that will alert them of unknown AirTags and make it easier to locate them.
Google Plans to Stop Cross-App Tracking Android Users
Following in Apple’s steps, Google recently announced that it would end cross-app tracking on Android devices. Instead, the tech giant is designing a new system that it claims will promote user privacy while at the same time keeping advertisers happy. However, Google made it clear that nothing will change for at least two years, giving the advertising industry ample time to prepare.
LinkedIn Phishing Scams Up by 232% Since February
LinkedIn phishing scams have grown by a whopping 232% since February 1st, 2022. Taking advantage of “The Great Resignation,” scammers are replicating LinkedIn email messages. Although the emails look a lot like they come from the social media site (with subject lines like “You appeared in 4 searches this week.”), the webmail address is obviously fake, and clicking on the malicious link brings victims to a site that harvests their LinkedIn credentials.
500 e-Commerce Sites Compromised with Credit Card Skimmers
Hackers compromised around 500 e-commerce shops, including Segway, by installing credit card skimmers on sites running an outdated version of the e-commerce platform Magento CMS. When shoppers entered their credit card details, the information was sent to attacker-controlled servers. The frequency of these types of attacks has grown in the past five years, as has their sophistication.
Here is a question one of our readers asked us last month.
Q: When logging in to a site, is it better to use an existing social media account (like Facebook or Google) or email address?
A: Logging in with an existing account may be easier, and from a security perspective, it may even be safer. However, from a privacy perspective, it is not recommended.
The reason why is that when you log in to a website with another account, you are, in most cases, permitting data sharing between the two sites. For example, when you use Facebook to log onto a site/app, it can ask Facebook for up to 40 different permissions, including access to your timeline, photos, and friends’ list.
Clearly, then, you should only use social media sign in with sites/apps you trust. It’s also a good practice to keep a close eye on your preferred social network’s privacy policy.
If, however, you’re worried about giving away your email address (which, with scams and phishing attacks soaring, is totally justifiable), consider using a masked email when signing up for sites/apps you don’t entirely trust.
Q: What are dark patterns? Are they actually bad?
A: Dark patterns are practices that trick users into taking action on a website/app/email/form/etc. that they didn’t necessarily intend to/want to take.
Sometimes, dark patterns can be attributed to poorly designed UI and UX experiences rather than deliberate manipulation. Other times, these deceptive practices are intentionally built into the UI.
Examples of dark patterns include:
You can see more types of dark patterns on darkpatterns.org, a website by UX specialist Harry Brignull who came up with the term in 2010, with real-world examples (“Hall of Shame”) from Google, Facebook, Amazon, LinkedIn, Apple, and more.
We’d love to hear your thoughts about all things data privacy.
Get in touch with us. We love getting emails from our readers (or tweet us @Abine or @DeleteMe).
Don’t forget to share! If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter. If you’d like to subscribe to the newsletter, use this link.
Let us know. Are there any specific data privacy topics you’d like us to explore in the upcoming issues of Incognito?
That’s it for this issue of Incognito. Stay safe, and we’ll see you in your inbox next month.
DeleteMe is our premium privacy service that removes you from more than 30 data brokers like Whitepages, Spokeo, BeenVerified, plus many more.
Save 20% on DeleteMe when you use the code DIYPRIVACY.
Our privacy advisors:
Save 20% on any individual and family privacy plan with code: BLOG20
© 2023 Abine, Inc. All rights reserved.