Recently, the Cybersecurity Bureau of the Ministry of Public Security issued a reminder urging people to be cautious when sharing personal information online. In 2023, in China, a report by the Supreme People’s Procuratorate noted a 36.2% rise in computer-related crimes, including social media fraud.
While many of us are aware of online scams and threats, technology is moving at breakneck speed especially with AI, and cybercriminals are constantly finding new ways to exploit what we share—particularly photos.
In today’s digital age, sharing photos on platforms like WeChat, Instagram, and Facebook has become a daily habit. However, this convenience comes with hidden dangers.
Understanding the Risks, a Global Problem
It’s important to understand the risks associated with posting photos online to safeguard your personal information. Here are a few common scenarios where photo-sharing has led to unintended consequences:
Travel Documents, Tickets and Holiday Snaps
Sharing photos of travel documents like boarding passes or train tickets might seem harmless but can expose you to significant risks. Cybercriminals can easily extract personal information such as ID numbers, travel itineraries, and booking references from these images.
Boarding Pass Scans Leading to Identity Theft: In 2016, security expert Brian Krebs demonstrated how a publicly shared photo of a Lufthansa boarding pass could lead to identity theft. By scanning the barcode, cybercriminals can access sensitive information such as the traveler’s frequent flyer number and flight details, which could be exploited. You can read more about this here: Krebs on Security – Lufthansa Boarding Pass
In 2023, the UK’s National Fraud Intelligence Bureau reported a 24% increase in identity theft cases, many of which were linked to online information sharing.
In Australia, the Cyber Security Centre has also warned against posting personal documents (including travel documents) online due to the growing threat of identity fraud.
Posting Event and Travel Photos in Real-Time
Sharing real-time updates about vacations or large gatherings can unintentionally signal that your home is unoccupied, increasing the risk of burglary.
Holiday Snap Resulting in Burglary: In 2017, a couple in California experienced a home burglary after sharing real-time updates of their vacation on Facebook. Burglars used their posts to determine when the house would be empty. You can read more about this here.
A study by the University of Portsmouth found that 78% of criminals convicted of burglary used social media to identify potential targets. Likewise, the Australian Institute of Criminology reported that 70% of convicted burglars believe social media helps them find empty homes. To reduce the risks, consider waiting until after you return home before posting travel photos.
The Risks of Sharing QR Codes: A Cautionary Tale
One recent incident in Kunming, Yunnan Province, illustrates just how easily an innocent social media post can lead to financial chaos. A woman named Wang shared a photo of her hot pot dinner on WeChat Moments, not realizing the image also included the QR code for ordering from her table.
Scammers quickly began placing malicious orders using the exposed code, racking up an astonishing bill of over 430,000 yuan ($60,000). Despite Wang quickly deleting the post, the fake orders continued. Although the restaurant didn’t make her pay the bill, the incident highlights the risks of sharing photos that contain sensitive information like QR codes, which are now widely used in restaurants and businesses across China.
Photos of Keys and Home Security
Posting photos that reveal house keys or security devices like alarm systems can expose you to risk.
A study by the University of California, San Diego, demonstrated that criminals can replicate keys from photos taken from up to 200 feet away. Apps like KeyMe allow users to duplicate keys from photos, showing how easily security can be compromised.
How a Photo’s Hidden ‘Exif’ Data Exposes Your Location
Photos often contain embedded metadata, such as Exif data, that can reveal your precise location. Criminals can use this information to track your movements or plan break-ins.
According to Consumer Reports, Exif data embedded in photos can expose sensitive information that can be exploited by malicious actors. A study by PrivacyEnd also highlighted how easily location data can be misused.
To protect your privacy, disable geotagging in your phone’s camera settings. For iPhones, go to Settings > Privacy > Location Services > Camera and select “Never” for location access. Android users can disable location tracking in the Camera app settings.
Phishing and Social Engineering Attacks Using Photos
Hackers often use personal photos to craft phishing emails or social engineering scams, impersonating you or tricking others into revealing sensitive information.
A report by Microsoft identified social engineering and phishing attacks as top cybersecurity threats, exploiting human behavior to gain access to private data. Secureframe’s research also indicates that personal photos are frequently used to make phishing scams more convincing.
Facebook Profile Clone Scam: In 2018, scammers cloned Facebook profiles by using publicly available photos. They impersonated the victims to send friend requests and trick others into sharing sensitive information, leading to identity theft and financial fraud. You can read more about this here
Think Before You Share
While sharing photos online is an enjoyable way to connect with friends and family, it’s essential to be mindful of the potential risks. Simple steps such as disabling geotagging, avoiding the sharing of personal documents, and waiting until after you return home to post travel photos can go a long way in protecting your privacy.
Related article: Woman’s Social Media Post Sparks Costly 430,000-Yuan ($60,000) QR Code Nightmare Bill
