|
Kaspersky advises how to
keep your online fitness
journey secure
(DUBAI)
-
Health and fitness
goals remain a top priority
for many people, especially
during peak sports seasons
and moments of renewed
motivation. Reflecting these
trends, online personal
training has become
increasingly popular,
boosted by the influence of
social media platforms like
Instagram and TikTok.
However, as more users turn
to these services to
kickstart or maintain their
fitness routines, many
overlook the potential risks
to their personal and data
security. To help users stay
safe while pursuing their
goals,
Kaspersky shares
practical tips on how to
avoid common cyberthreats
and protect their digital
well-being.
Social
media networks are reshaping
personal training in ways
offline services simply
can't match. By producing
engaging content like
workout demos,
transformation stories,
fitness tips, and more,
personal trainers are
becoming self-made
influencers, reaching global
audiences and intriguing
followers to pay for their
services. In fact, the
global online fitness market
is expected to grow at a
compound annual growth rate
of 29.6 percent until 2033.
However, signing up for
virtual programs like these
often involves sharing
sensitive personal
information, such as health
data, progress pictures, and
payment details, with
someone you may never have
met. Frequently, much of
this exchange takes place
through the trainer’s social
media profile or messaging
tools, often without any
contracts or adequate formal
agreements. This
significantly increases the
risk of users’ personal
information being
compromised or misused.
While specific breaches tied
to online personal training
services have not been
widely reported, fitness
apps have often made
headlines for similar
mishaps. Given the parallels
between fitness apps and
virtual coaches, users must
exercise caution.
Among the forms of data
misuse in this context are,
but are not limited to, the
following:
1.
Exposure to third-party
tools
In the world of
online personal training,
many fitness professionals
depend on third-party
services to manage essential
parts of their business —
such as scheduling workouts,
processing payments,
communicating with clients,
and delivering customized
fitness programs. However,
not all of these third-party
services are designed with
cybersecurity as a top
priority. If even one of
them lacks strong
encryption, fails to comply
with data protection
regulations, or suffers a
data breach, it could expose
users’ sensitive
information, including
health data, location,
progress photos, and
financial details. Worse
yet, clients often don’t
even realize how many
different tools are involved
behind the scenes.
This fragmented setup
creates multiple points of
vulnerability, where
personal data might be
intercepted, leaked, or
misused — especially if
login credentials are
reused, software is
outdated, or permissions are
too broad. Therefore, both
trainers and clients need to
be aware of the tools they
use and ensure these
platforms meet basic
security standards.
2. Exploitation of progress
photos
Progress
photos are a common part of
virtual fitness coaching.
Clients often share
before-and-after images with
their trainers to document
physical changes over time,
track results, or celebrate
milestones. These photos can
be deeply personal,
frequently taken in minimal
clothing to clearly show
muscle tone or fat loss, and
are usually shared in
private chats or via email,
often without any formal
agreement on how this
content will be stored,
used, or protected.
These images can be misused
in a variety of ways. In
worst cases, if devices or
messaging platforms are
compromised, these images
can be leaked online,
scraped by bots, or used for
identity theft,
impersonation, or
harassment, especially if
they include geotags, faces,
or usernames. To reduce this
risk, both clients and
trainers need to agree in
advance on how such images
will be handled, stored, and
whether they can be
published, ideally in
writing. Additionally,
clients should be cautious
about what they send, avoid
including identifying
features, and choose secure
platforms for sharing
sensitive media.
3.
Impersonation risks
Personal trainers who build
their business through
social media often become
micro-influencers,
attracting large, trusting
audiences. But with that
visibility comes risk: if
their account is compromised
— whether through weak
passwords, phishing attacks,
or leaked credentials —
cybercriminals can take
control and begin
impersonating them. Once
inside a trainer’s
Instagram, TikTok, or
WhatsApp account, attackers
can message clients or
followers under the
trainer’s name, asking for
personal data, login
credentials, or direct
payments for “exclusive
programs”, “limited-time
offers”, or fake
consultations. Because the
messages come from a
familiar account, users are
far more likely to comply,
especially if they’ve built
a relationship with the
trainer.
“While these
risks may seem alarming,
they don’t mean you should
abandon online fitness
programs entirely. Like you
warm up before a workout,
you should protect your data
before logging in. Virtual
coaching can still be a
powerful and motivating tool
— as long as you stay aware
of the potential pitfalls
and take steps to safeguard
your data and privacy,” says
Anna Larkina,
Privacy Expert at Kaspersky.
Take proactive steps to
protect yourself. For
instance:
•
Verify the trainer's
identity: research
the trainer's credentials
and certifications through
reliable fitness
organizations. Look for
reviews and testimonials
from verified clients.
Verify
if their social media
profile is verified (indicated
by a blue
checkmark or equivalent).
• Avoid
clicking on unverified
links: never click
on links sent via
unsolicited messages or
emails claiming to offer
fitness deals. Instead,
navigate directly to the
trainer’s official website
or a trusted platform.
• Check for
HTTPS: ensure any
website you’re directed to
uses HTTPS in the URL,
indicating it is secure.
• Avoid
oversharing:
provide only essential
information and ensure that
sensitive data, like health
records or progress photos,
is shared through secure and
encrypted platforms.
• Use a reliable
security solution:
that protects your devices
against malware in real
time, by blocking malicious
sites, phishing emails,
infected ads, and credit
card skimmers created by
hackers to steal your data.
Kaspersky is a global
cybersecurity and digital
privacy company founded in
1997.
PRINT
THIS ARTICLE
|
