Interestingly, many are unaware of it and willingly give it all up. While a lot of it might seem innocent, we never know the length of someone wanting to take advantage of it. Even if you’re already cautious, you can still be a victim of phishing, smishing and any attempt of social engineering attacks. The problem isn’t solely us who’s unable to protect our data. Everybody is responsible. Our data, as we speak right now, might probably be sold to the highest bidder and it’s just about time it’s being exploited. ## But I have nothing to hide, why afraid? While you might not have anything to hide, I remember this saying that also applies to this context: “ ***We all have something and it’s just the matter of them hitting the right notes to get to you”***. It might not be you directly but someone you know that is close to you & might affect your relationship with them. It could be your employer, friends, anyone really. Is being offline and unplugging everything the answer to this? It might be but for those whose life is completely embedded online, this isn’t the answer. Even some governments these days enforce things such as sharing our social media while applying for a certain visa. Imagine if you have no social media presence, there can be some negative perception such as them finding you a bit suspicious and as if you have something to hide. Recently, I was the target of this social engineering attack. I found out the source is from my shoppee account. There was a strange e-mail that I received from them as if they’re sending me receipts. I never really click on any such e-mail and I do my due diligence to check. They’re always going straight to my trash and being deleted. For a while, because I never actually shopped using shopee anymore, those suspicious e-mail stopped coming. But strangely, a couple of days ago,I received a whatsapp text with an image attached asking if I have a certain package that I am expecting. While it is true that I have an on-going package, Shopee sellers or even the courier will never contact us with a screenshot. In fact, the number registered on my account vs the number on the package are different. So, that’s when I got another wake up call that my data isn’t entirely safe anymore. If they were really the courier and unable to reach me, they would just flag my account as undelivered and I could always come to the pick up point to ask about it. ### Now, can you imagine if someone is not as cautious as I am? They might get curious and even click on the image and inquire about it. In that process, you're giving the other end a chance to exploit your information. You're giving them chance to ask questions and being manipulative. The moment you're answering to it, that just shows that the number is actively being used. When I hung out later with some strangers, I told them about this incident to shed more awareness of this sophisticated attack. Apparently, one of them got scammed with such techniques and lost quite a bit of money. There are many stories like this happening all around and the attack becomes a lot more sophisticated. ### I’ve been pretty much safe from all these but only recently I noticed they’ve become more aggressive. Having to live in Indonesia where our data is open and sold to the highest bidder, it’s best not to have any social media or even shop online actually. We have to be wary with every sign up and it’s OK to lie about numbers and e-mail which is usually strangely some restaurants and public services ask. They don’t really have the safest data protection and it’s best to actually not do it. My mom was almost a victim of this sophisticated attack. I had to check her credit reporting system and actually ensure that the allegations weren't right. Thankfully, it wasn’t and we noticed some strange cases about it because it happened almost a decade ago. Maybe most people here are tech savvy and understand security but to those who don’t. Be very cautious online. There are things that you can practice such as : 📌 Never reply to unknown numbers messages right away especially with ambiguous questions. If you’re accused of something and you’re bothered by it, contact your local police and make sure there are witnesses to that and ensure that their accusation holds some merit. 📌 Do not click on links, attachments or even images because these days, attackers rely on images too. 📌 If they claim to be from certain companies, verify it and verify if you’re actually doing the said threat or wrongdoings. Most of the attacks these days are financially motivated. So,make sure that you’re actually up-to-date with your financial records and credits. 📌 Be aware of the footprints that you’re leaving online. In the age where we overshare everything, the last one is something we all fall into victims of. Even for me, that was the grave mistake I made that I overshared here 😂despite knowing that I shouldn’t. If you still think you have nothing to hide. We all have something. It’s just the matter of any attacker to hit the right scenario to play us around. It could be our dark past, current self, anything really. Everything can bite us back. Be safe out there everyone\!