Beware Tactics of Social Media Scams

By nature, we’re social creatures and that’s why we trick or treat on Halloween. Sites like Twitter and Facebook have also capitalized on our outgoing spirit with great success. According to COO Sheryl Sandberg, Facebook draws 175 million logins every day. But with this tremendous popularity comes a devilish side. Cybercriminals go where the numbers are—and that includes popular social media sites. Their strategies range from using pop culture to the macabre. And all have one thing in common. They want something from you and are using social engineering—obtaining confidential information by manipulating and/or deceiving people—to get it.

All-important security questions
Security questions, or Knowledge-Based Authentication (KBA),  are the personalized questions,  like ‘What’s the name of your first pet?’ or ‘What street did you grow up on?’ that you set up on secure websites to help make sure it is really you logging in and to help prevent ID theft and fraud.

To be safer online, don’t choose the same common security questions and password options that everyone else does. If your security questions are devised well from the start, you won’t have to worry as much about accidentally giving away personal information to potential hackers. Topics to avoid include:

  • Favorite foods or colors
  • Vehicle make and model
  • Birthdays and important dates
  • Family members’ names
  • School name and location
  • First job

Some items could potentially change over time, and the rest are likely easily discovered simply by perusing a target’s Facebook news feed, or postings on other social media sites.

Many websites now allow you to write your own security questions, rather than forcing you to choose from a drop-down menu. And still other websites are learning to compose better security questions for their users to choose from.

When setting up your security questions, it’s best to draw on something more obscure: “What was the last name of your third-grade teacher?” or “What was the name of the boy or girl with whom you had your second kiss?” The answers to these questions should be easy enough to recall when needed, but are not likely to be found anywhere on a social media news feed.

Over-sharing info
With more and more people using the internet to share life moments on social media, experts are finding online users over-sharing key data points to their online financial information as well.

With just a little bit of information, people, through online searches and social engineering, can find out other things about you and keep building. It only takes one seemingly small piece of personal information to leave you vulnerable, even basic information like names and addresses. These tiny bytes of data can be built upon until a hacker has a pretty good array of information to work with.

Keep it to yourself
Earlier this year, a seemingly innocent Facebook post went viral. To partake in the fun, users simply listed the names of 10 musical events/concerts they had attended at some point in their lives. Nine of those concerts were to be true, and one was supposed to be a lie. Once posted, friends could comment on which concert they believed to be false.

The problem with the “10 Concerts I’ve Been To, One Is A Lie” post is that it provided a wealth of information  hackers could use to log into personal accounts or steal the identities of unsuspecting Facebook users. Privacy experts caution that the “10 Concerts” post could reveal too much about a person’s background and preferences. The first concert you attended might be a security question you’re asked on a banking, brokerage, or similar website to verify your identity. The lesson here is to safeguard even inconsequential information about you.

Beware of surveys
Cut-and-paste social media surveys have been popular for some time now. Typically, a user will copy a question or list of questions from a friend’s status or a Facebook page, paste it in his or her own status box, and replace the previous user’s answers. Many such surveys contain questions that could easily reveal information used in KBA security questions.

For instance, a Facebook status survey by Status Games includes such questions as:

  • Who was the last person you texted?
  • Where was your profile picture taken?
  • Have you ever lost a friend?
  • What song did you listen to last?
  • What’s your relationship status?
  • How many siblings do you have?
  • What are your brothers’/sisters’ names?

You can see how answers to these and other seemingly innocent questions can provide a vast amount of information from which a hacker could derive or guess the answers to security questions. Some can even divulge the schedules and habits of targets (when they are home, if they live alone, when they go to work, etc.).

Bottom line: Sites that attract a significant number of visitors are going to lure in a criminal element, too. So be sure to protect your personal information anytime you’re online, even if it seems like harmless fun.

References: Norton, Lifehacker, Maryville University, 16WNDU