
Is It a Social Media Game or a Clever Hack?

If you’ve been on social media sites such as Facebook and Twitter, chances are you’ve seen them: posts that appear innocuous enough, asking for a combination of personal details to reveal things like what your Bridgerton name would be, built from your grandmother’s name combined with the street you grew up on.

The problem with these types of posts is that they are not innocuous – far from it. These attempts by various entities to gather personal information are a type of social engineering.

What is Social Engineering?

According to this helpful article on Imperva, social engineering is “the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.”

The posts you may see on social media sites ask all sorts of questions about personal information, often the same information used in the security questions that retrieve a forgotten password. A single question may appear innocent enough, but these scammers often operate by gathering information through multiple questions. For example, gaining access to someone’s account by answering security questions often requires entering the account holder’s birth date. These social engineering posts are clever in the way they ask for it. Instead of “post your birthday!” they ask things that combine your birth month or number with other information. If you were to comment that you were born in January, they would have one piece of information. Another post may ask when you graduated high school, or what age you were in a certain year. When pieced together, the perpetrators have your birth date.

Example of a social engineering meme: "Type 'Halloween' and the year you were born in the GIF bar. That's your costume this year."

Security questions can be used to retrieve a forgotten password or as an extra security measure when logging in to some websites. Some common security questions ask about the street you grew up on, your favorite pet’s name, or the name of your firstborn child. To get this information, the perpetrators will word the question differently, such as, “what’s the name of the child who made you a mom?” The question sounds innocent, but it has malicious intent.

What Do They Do With the Information?

There are several ways the perpetrators can use your information. The easiest way is security questions. Once they have your information, they can visit your various accounts, be it Google, Yahoo, or even your bank account, and use the information to reset your password. What about the example question mentioned above about the name of the child that made you a mom? A common security question asks the name of your firstborn child. Your favorite subject in high school is another common question asked in Facebook posts that people answer without hesitation.

Besides answers to security questions, this information gives a head start to those attempting to guess passwords. If your password contains the name of your childhood pet or your firstborn, for instance, hackers have a starting point that makes it easier to guess the rest of the password, especially if they are using hacking programs that can automate the process.

Image: men laughing, with the text "We posted a Facebook quiz with password security questions and they not only answered the questions, they shared it with their friends."

An Easy Solution

An easy way to combat this problem is to not share personal information on social media. While you may think only your friends will see the answers, once you comment on a public post, anyone on the internet can see the information you provided. Another way to avoid this problem is to not use security questions when given the choice. Instead, opt for a backup email address or a text message as a way to verify your account in the case of a forgotten password.

While attempts to find out personal information on social media are plentiful, with due diligence you can keep your information away from these information-harvesting attempts by scrolling right past them.

Have you noticed these types of posts on social media? Let us know in the comments.
