Metadata is information that describes the characteristics of specific data file or data set. For example, photos often embed metadata within the photo file itself. Photo metadata includes things like the date, time, and location a photo was taken. Sometimes photo metadata includes copyright or licensing information about the image. Metadata is often automatically created by your camera.
Metadata isn’t free from being tampered with. Crafty hackers often edit metadata to hide sensitive information or to improve the “believably” of their phishing schemes. As mentioned in this CyberHoot article, metadata can be modified to trick customers into believing the photo is authentic. Hackers put fake postings onto the Internet for various products. It’s important to be able to look up metadata to help users investigate potential fraud. Changing Metadata should not be confused with the more sophisticated technique of hiding data known as Steganography, in which pixels of an image are manipulated systematically to hide data that can be reconstructed if you know the key to doing so.
Additional Reading: Hackers Latest Scam: Pet Adoptions
What does this mean for an SMB?
Metadata should be used to validate online product purchases, especially when buying from potentially insecure sites (craigslist, pet adoption site, etc). Oftentimes, photos are sent to prospective buyers considering purchasing the product. These photos are generally sent via email, but also to mobile devices directly. When inspecting photos that are sent to you, there are a few things that you should be doing:
- Check the MetaData of the photo – Timestamp and GPS (if taken on GPS-enabled device) of photo
- MetaData2Go.com is a free online tool
- Right click and select “Inspect” if you are on a Mac to retrieve the MetaData
- Right click and select “Properties” if you are on a PC to retrieve the MetaData
- Review the results to determine if the photo matches up with details from the seller (ex: GPS: Kentucky, Seller: Florida)
- Do a reverse image search on Google
- Right click on the photo and select “Search Google for Image”
- Review the results to see if the photo sent to you has appeared anywhere else on the Internet
- If the photo appears elsewhere you’re likely dealing with fraud
If any of these metadata tags have been removed, modified or seem suspicious, move on to some other product vendor. It’s not worth the risk of purchasing fraudulent goods or services online.