
Potential for APIs to Target Us Online By Adding More Context

APIs are increasingly opening up signals about our daily lives, providing context for phishing campaigns and increasing the chance that people will fall for attacks.

Kin Lane
·
Nov. 04, 16 · Integration Zone · Opinion

Many folks see me simply as a cheerleader for APIs. In reality, I am more of an evangelist for the bad that can happen with APIs. I believe that the sharing of data, content, and algorithms using web APIs has the potential for good, but in reality, they are often used for doing some pretty shady sh*t.

An example of this is found in my inbox this morning, and I'm sure it is something everyone will encounter at some point in their daily lives. It is an email for an undelivered FedEx package, which I know better than to click on, but sadly I think it is one that many folks will fall for.

Why do they fall for this? Because the email potentially has relevance, as I just ordered a handful of packages from Amazon that were being shipped via FedEx (I do not order much online). Using the FedEx API, anyone can query the status of a package. I'm assuming that there are folks out there who are scanning for the presence of delivery notifications. (I'm not up to speed on the details of how you can do this.) I'm unsure if they can get my email alongside this information, but I don't think this matters. I think they can correlate data about where I live and the fact I'm receiving packages; whether the email came from an API or through other forms of intelligence doesn't matter.

My point is more around the fact that APIs are increasingly opening up signals about our daily lives, providing a wealth of context for phishing campaigns and increasing the chance that people will fall for these attacks. My solution to this problem does not involve a knee-jerk response to providing APIs; I am just looking to warn API providers that they should be monitoring for this type of behavior on top of an API, and we should help the average email user and Amazon package receiver understand that these dangers exist. Everyone should pause and think deeply about each link or file attachment we click on, no matter how relevant it might seem in our daily flow.


Published at DZone with permission of Kin Lane, DZone MVB. See the original article here.
