
Potential for APIs to Target Us Online By Adding More Context


APIs are increasingly opening up signals about our daily lives, providing context for phishing campaigns and increasing the chance that people will fall for attacks.


Many folks see me simply as a cheerleader for APIs. In reality, I am more of an evangelist for the bad that can happen with APIs. I believe that sharing of data, content, and algorithms using web APIs has the potential for good, but in reality, they are often used for doing some pretty shady sh*t.

An example of this is found in my inbox this morning, and I'm sure it is something everyone will encounter at some point in their daily lives. It is an email for an undelivered FedEx package, which I know better than to click on, but sadly I think it is one that many folks will fall for.

Why do they fall for this? Because the email potentially has relevance, as I just ordered a handful of packages from Amazon that were being shipped via FedEx (I do not order much online). Using the FedEx API, anyone can query the status of a package. I'm assuming that there are folks out there who are scanning for the presence of delivery notifications. (I'm not up to speed on the details of how you can do this.) I'm unsure if they can get my email alongside this information, but I don't think this matters. I think they can correlate data about where I live and the fact I'm receiving packages; whether the email came from an API or through other forms of intelligence doesn't matter.

My point is more around the fact that APIs are increasingly opening up signals about our daily lives, providing a wealth of context for phishing campaigns and increasing the chance that people will fall for these attacks. My solution to this problem does not involve a knee-jerk response to providing APIs; I am just looking to warn API providers that they should be monitoring for this type of behavior on top of an API, and we should help the average email user and Amazon package receiver understand that these dangers exist. Everyone should pause and think deeply about each link or file attachment we click on, no matter how relevant it might seem in our daily flow.
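One way a provider could monitor for the scanning behavior described above, shown as an added example that is not code from the original article or from any carrier's API. The log format, API key names and thresholds are assumptions: the check flags API keys that look up many distinct tracking numbers in a short window when most of those numbers do not exist.

```python
from collections import defaultdict, deque

# Constructed sample log of a hypothetical package-status API:
# (epoch seconds, API key, tracking number queried, HTTP status returned).
SAMPLE_LOG = (
    # A merchant polling its own shipments: many numbers, all of them real.
    [(1000 + i, "key-merchant", f"7700{i:04d}", 200) for i in range(40)]
    # A client probing numbers it does not own: most lookups return 404.
    + [(1000 + i, "key-scanner", f"8800{i:04d}", 200 if i % 10 == 0 else 404)
       for i in range(40)]
    # A recipient checking one package twice.
    + [(1005, "key-consumer", "77000003", 200),
       (1900, "key-consumer", "77000003", 200)]
)

def find_enumerating_keys(log, window=300, min_distinct=25, min_miss_ratio=0.5):
    """Return {api_key: (distinct_numbers, miss_ratio)} for keys whose lookups
    within any `window`-second span cover many distinct tracking numbers,
    most of which do not exist (HTTP 404)."""
    recent = defaultdict(deque)   # api_key -> deque of (ts, number, status)
    flagged = {}
    for ts, key, number, status in sorted(log):
        q = recent[key]
        q.append((ts, number, status))
        while q and q[0][0] <= ts - window:   # drop events outside the window
            q.popleft()
        distinct = {n for _, n, _ in q}
        # A number is a miss only if no lookup in the window ever found it.
        found = {n for _, n, s in q if s == 200}
        miss_ratio = len(distinct - found) / len(distinct)
        if len(distinct) >= min_distinct and miss_ratio >= min_miss_ratio:
            worst = flagged.get(key, (0, 0.0))
            flagged[key] = max(worst, (len(distinct), round(miss_ratio, 2)))
    return flagged

if __name__ == "__main__":
    for key, (distinct, ratio) in find_enumerating_keys(SAMPLE_LOG).items():
        print(f"{key}: {distinct} distinct tracking numbers, {ratio:.0%} not found")
```

Volume alone does not separate the merchant from the scanner here; the miss ratio does, which is why both thresholds must be met before a key is flagged.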


Topics: integration, apis, security

Published at DZone with permission of Kin Lane, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.
