Order labels include sensitive information such as the address or name of the store that sold the product, which can be used in scams.
When we talk about cybersecurity, it is natural that our minds automatically think of servers, codes, hackers working directly on the keyboard to invade virtual environments. The physical world, however, is also full of dangers and can compromise your security in the digital world: one of these loopholes is the incorrect disposal of parcel labels.
Daniel Barbosa, security researcher at ESET, warns about this particular vulnerability. According to the expert, physical means are very significant when it comes to cyberattacks, but they end up being ignored in many alerts.
What are the dangers of improper disposal?
Barbosa remembers that numerous sensitive information may be contained in the parcels received at home, such as:
- Full name;
- Complete address;
- Name of the store that sold the product;
- Name of the company responsible for transportation;
- In some cases, complete description of purchases and their quantities.
We have normalized the presence of this data so much that it seems stupid to talk about it, but it is very personal and, depending on the case, can be considered sensitive. According to the ESET expert, criminals can make different types of attacks in possession of this information, starting with social engineering.
One method, for example, is to pretend to be from the company that sold the object and ask the victim to access a website to update an alleged registration, handing over more sensitive information to the scammer. It is also possible that cybercriminals send malicious files disguised as a receipt that, when transferred, infects the user’s device.
In some cases, the purchase receipt comes in the packaging and, if improperly disposed of, this creates even greater problems: in possession of the note, criminals now know your NIF and other more sensitive data, which allows create fraudulent bank accounts or even take out loans in the victim’s name.
How to discard orders?
For the proper disposal of parcels, which involves render prints unusable or writing contained in physical items such as labels, direct mail, invoices, hospital exams or any other means that contain confidential information, it is necessary to pay attention to the type of material that contains the data, according to Barbosa.
In the case of plain paper, pens and stamps can efficiently blur information, leaving everything illegible to scammers. In the case of thermal paper, approaching a heat source, such as a candle flame, dryer or hair straightener, may be the solution: this will leave a dark stain on the materialcovering the data you want to hide.
If the surface has information filled in with a pen, it is advisable to erase it with random linespreferably with a similar pen. Pens leave raised marks on the surface, which makes the information identifiable if it is simply covered with ink: marking with the same type of relief is necessary, in this case, to prevent criminals from acting.
Physical media, according to Barbosa, cannot be ignored when protecting yourself from cyberattacks: they greatly facilitate scammers’ access to information that, on the internet, would be considered critical. It is important to think ahead and protect yourself on all fronts.
