Social Security numbers are the main way to compromise someone’s identity. It can provide access to health insurance, taxe filings, or available credit. Still wondering why you shouldn’t send a picture of your social security card over the internet or through cell carrier SMS messages? Thieves know how powerful and relevant these nine-digit numbers are and will do anything to steal them.
There are many ways that cybercriminals steal SSN’s. They can take advantage of a user’s personality via social engineering or bad cyber security practice. This post was written as an eye-opener to how your SSN can be stolen when sending it via SMS messaging.
Can My Social Security Number Sniffed?
All a hacker needs to do to jeopardize your financial situation is steal your SSN. They can combine this number with other private details they’ve stolen from you. With this information, they can make your life extremely inconvenient. With your SSN, they can open credit accounts, obtain unemployment insurance and commit crimes in your name.
Due to these possibilities, the Social Security Administration has advised the population to keep their SSN as private as possible. This includes other PII details like your driver’s license numbers, medical ID’s, and any kind of insurance information. Some random individual can pose as a company’s representative, asking you to send or “verify” a picture of your social security card. This may be via email or SMS messaging.
You should know that emails are not as secure as you think. Even though you require a password to access your email, it doesn’t make them less vulnerable to attacks. Here is how it works: when you send an email, it travels several networks and endpoints before it eventually reaches the recipient.
During this time, hackers could intercept or “sniff” the email traffic without your knowledge. This can happen if the network that you are connected to when the message was sent was compromised, or you and/or the recipient’s email account has been breached.
Email isn’t a secure means of communication by default. Email traffic can be completely unencrypted; this is where encryption protocols and public key infrastructure (PKI) comes into play.
How Do Hackers See SMS Messages I Send?
You may not be coerced into sending a picture of your social security card to a hacker directly. However, they can intercept the message; this puts you at great risk. There are two kinds of sniffing, active sniffing and passive sniffing. Hackers can use both kinds of sniffing to steal private information.
Sniffing apps were originally intended to help administrators manage their network traffic. They can also assess the performance and diagnose faults of the servers and network devices (routers, switches, etc.).
Sniffing software modifies computer network settings so that it captures every packet of data sent across it. This is simply a tool for cybercriminals to tap into a network and hijack the traffic transmitted in the network. A hacker can access your login credentials or any other sensitive data sent across the network by monitoring your network.
Cybercriminals usually employ social engineering to trick their victims into downloading these sniffers or listeners. One common way is sending victims emails with attachments that are embedded with backdoor trojans.
An alternative to this is hackers sniffing unsecured public Wi-Fi. This creates a trap for a victim connected to public Wi-Fi. The attacker can set up a rogue access point with the same name as the legitimate Wi-Fi SSID (service set identifier) for the victim to connect to.
Sniffers and listeners are perfect tools that cybercriminals use to obtain sensitive information sent across such networks. Wireless sniffers are particularly popular in spoofing attacks. A cybercriminal can use the data the sniffer captured to spoof a device connected to the wireless network.
Are Text Messages Encrypted?
The attention of cybercriminals is further spreading to include hacking data sent via text message. This is the reason why you shouldn’t send personally identifiable information (PII) like your social security card to anybody via text. So to answer this question, are text messages encrypted? The simple answer is no. Text messages move through the network of the carrier in this fashion:
- Mobile device to cell tower
- Cell tower to the provider (this process occurs via unencrypted microwave transmission)
- The SMS is then processed and stored in the provider’s database
- The message is transmitted to the recipient, again, unencrypted.
You could argue that your mobile provider says your messages are encrypted. Well, the only encryption provided is built into the GSM. Only cell phone towers are encrypted during mobile communication. This leaves a solid loophole for hackers to take advantage of.
How do I Send Sensitive data over the Internet?
Use Encrypted Messengers
Encrypted messengers such as Signal and Wickr Me are two highly-encrypted messengers you can bank on. Using these apps, you can rest assured the information you send and receive is encrypted. One feature that makes this app stand out is its auto-delete to mitigate storage risks.
WhatsApp is NOT a good option for encrypted messaging. This app is owned by Meta (formally Facebook) who has been accused and sued multiple times for negligent and misuse of user’s personal data. Of course you will be told that your data isn’t shared with third-parties or stored insecurely, but would you really trust them?
Encrypt Your Email
Two very powerful encryption tools are Pretty good privacy (PGP) and public key infrastructure (PKI). PGP authenticates, encrypts, and provides cryptographic privacy for emails. They can be employed to sign, encrypt, and decrypt texts for email use. This is all for the purpose of increasing the security of your emails.
PKI, on the other hand, works with keys and certificates. It’s simply a long string of bits that helps users encrypt/decrypt their data with. Most hackers find it difficult to intercept data sent across networks that use PKI and PGP.
Use Secure File-Sharing Services.
Sending sensitive documents like SSN can be very risky. This is why file-sharing services like Google Drive and Dropbox come in handy. They are encrypted services. However, they may not be the best encryption option since they don’t delete their contents automatically. You have to do this manually; if not, you’re again at storage risk.
If you choose to store these files in the above services, be sure to encrypt each file using a utility like Axcrypt. Even though the file may be in your Dropbox or Google Drive, if they were to become compromised, your files would be accessible to the intruder.
Conclusion
Sending sensitive information on the Internet has now become riskier than ever. If an unknown individual is demanding a picture of your social security card, should this be given out? The answer to this is that there are only very few situations where your SSN must be provided.
This may be from your doctor, dentist, loan department, employment, or financial institutions that mighty need it for certain functions. Be careful not to give this out to anybody claiming to represent such institutions, you must always verify, as it may be a cybercriminal trying to trick you. Besides being at risk of directly giving it out to hackers, sending it to friends is equally dangerous; this is not recommended.
