Digital security
You would never give your personal ID card to random strangers, would you? So why provide your computer ID? Beware of unsuspecting users, IP hoarders do not ask for your permission.
February 22, 2024
•
,
6 minutes. read
A common message that any user of a social platform like Discord can sometimes see is a warning about the inclusion of IP address catchers as links in messages on various servers. For someone who’s probably never heard of IP hoarders before, they probably wouldn’t think much of it, but the name itself should be a giveaway to what they do – i.e. -say “seize” or acquire its IP address.
Although it may seem harmless at first, IP addresses can be very valuable, both to legitimate businesses to prevent fraud, but also to some fraudsters. However, to understand the implications, let’s discuss what an IP address actually represents.
An IP address is a computer’s online identifier
As the header suggests, a Internet Protocol Address (IP address for short) serves a very similar function to a person’s identity card; it is a unique string of characters that identifies a computer on a network. Each IP address is unique and represents information of interest, such as the general location of a computer (but not precisely, mind you).
Indeed, for a computer to be able to communicate online, it must be identifiable, so that several computers can then recognize each other on a network. Think of the Internet as a chat room, with all users using unique nicknames to message each other – that’s exactly how it works.
However, compared to an ID, which contains much more personal data, it’s not like your entire computer is revealed to anyone who acquires your IP address. For example, when multiple devices connect to the Internet using a single router, they all have their own unique IP address; however, the connection still only uses the IP of the router itself. But this information remains valuable for many actors, and their intentions are not necessarily the best.
Part of a unique fingerprint
As written in a previous WeLiveSecurity blog on browser fingerprint, the IP address is included as a unique identifier, among other relevant device details. So every time you log into a website, no matter where you are, it can tell if it’s really you or if there’s a discrepancy in your access activity. This is why many sites log you out and ask you to re-authenticate when logging in. from a different location than usual.
Many Internet-savvy people use virtual private networks (VPNs) to hide their IP address because their connection is redirected through servers located in several different countries, for example. more difficult traceability. This is very useful even for basic users, as VPNs can serve a security function, making it more difficult for criminals to target your computer’s traffic. However, the rest of the fingerprint is still recorded unless the user takes further action.
What is an IP sensor?
Now let’s get to the juicy stuff. Since we know what an IP is and what type of data it can represent, it’s time to talk about the IP hoarders themselves.
An IP sensor is usually a link that, when clicked, records your IP address and stores it. What may follow is that someone can use another tool to track that IP address across the web, noting its interactions with various web pages on the network.
This is similar to how tracking works on phones, and it is also reminiscent of third-party cookies; However, there are more important differences between these methods, the main one being that IP sensors don’t record more than your IP address. Which is great, but hypothetically, knowing that IP address might be enough to do a little trickery, as they say.
The two faces of intellectual property grabbing
As stated earlier, there are several reasons why someone would want to register an IP address. First, some online stores might find it easier to target their customers with advertising, because since the IP address gives a general location, stores can tailor ads to be more personal. This is also done by social media sites to record your interests when you click on an affiliate link.
Additionally, it also helps prevent fraud by asking users to re-authenticate whenever their connection seems unusual, like someone is trying to establish a connection from a foreign IP address in Thailand, instead of their usual address in Los Angeles. Technically this isn’t IP address capture, but it’s a similar idea because it records and verifies a connection.
However, just like a store or website can access your IP address, so can other actors. But why would they? Having an idea of your general location wouldn’t be much help if it wasn’t connected to other forms of personal information (see the browser fingerprint example).
There are several reasons for this:
- Targeting and tracking – An IP address coupled with other information can make it easier to target a person or business for malicious reasons since the IP reveals their approximate geographic location. Additionally, if connected to a compromised public Wi-Fi network, for example, a scammer could track the user’s online activity with it.
- DDOS attacks – By obtaining an individual or company’s IP address, a malicious actor could use it to saturate the owner’s Internet connection, causing it to fail.
- Social engineering – A quick-thinking scammer could use intellectual property to obtain more information from an individual or even a company. This would then likely be followed or accompanied by another form of phishing, leading to a potentially larger cyberattack.
- Misuse of intellectual property – A smart criminal could misuse your IP address by impersonating your connection and committing illicit activities without your consent. In essence, it’s as if the scammer is using your IP address as a VPN, hide their own connection with your.
How to protect yourself against intellectual property grabbing
Now that you understand what an IP address is, what grabbers do, and how they can be misused, it’s time to explore some ways to protect yourself.
- Never click on random links online – This often needs to be repeated, but it’s worth it because the link you click on may not be an IP address catcher, it could very well be another form of malicious link , leading to malware infection.
- Use a VPN – Perhaps the best way to protect yourself is to use a Premium VPN service that masks your own address by routing your traffic through other nodes, thereby obscuring your IP address and location.
- Secure your firewall – Set strong passwords for your router and other devices, and use solutions that can improve your firewall protection to create a protective barrier between you and the Internet.
Of course, there are other ways to protect yourself, but these should be enough to create at least a basic form of protection.
WLS also recommends that readers stay away from free VPN servicesbecause they are risky due to the possibility of containing malware, being exposed to security compromise due to weak security protection or having its data recorded and sold to third-party advertisers infringing on a person’s privacy.
Stay safe
Despite the rather small amount of information an IP address can provide, it is still identifiable data, which can be used for illicit purposes if time and resources are spent.
However, by remaining alert to online threats, even those that may seem like innocent users sending you random links, you can stay one step ahead of attackers. And this, combined with a powerful and well-configured firewall, security solution, with a VPN to boot, can make everyone’s online presence much more secure.
Before you leave: What you need to know about iCloud Private Relay