Monday Author: Susanne Skinner
“Phishing is the simplest kind of cyberattack and, at the same time, the most dangerous and effective.”
~ Adam Kujawa, Director of Malwarebytes Labs
Quizzes and random questions popping up on social media platforms are harmful to every single person answering them. Each time you respond, your risk of identity theft and fraud increases exponentially.
It’s called Phishing and it serves only one purpose: to collect, use and profit from your personal information. Even responses calling out an obvious bot or scam reveal, at the very least, your online name. Resist the temptation and move along. Phishing only works when you take the bait.
I’ve Been Hacked
It’s the phrase most often posted online after a bogus friend request comes through a social platform. We publicly announce the hack, telling people to ignore the fake invitation, then quickly change our passwords. People fail to realize they are the ones who open the door to hackers by responding to carefully constructed questions.
The hack most likely occurs when a question or quiz pops up in your social feed. In case you’re wondering what they look like, here are some recent examples:
- What did you have as a teenager you don’t have now?
- The one food I don’t eat is _______
- The name of your first-grade teacher
- What street did you grow up on?
- What’s the worst candy of all time?
- What is your first pet’s name?
- What was your high school mascot?
- How do you respond to a wolf whistle?
- Your stripper name is your middle name plus your first car
- How far away do you live from the place you were born?
Lucrative Phishing Opportunities
These seem like harmless questions, but social media offers lucrative opportunities for cybercriminal phishing. Answering a quiz or question is the bait that reels you in. Your responses provide the clues thieves need to hack into password-protected information and accounts. Responding to these random questions is like putting the target on your own back.
Facebook, Twitter and Instagram are abundant sources of personal information. The more you share, the easier it is for a thief to hijack your account or scam you. It happens all the time, to people just like you.
This is where you take a minute to ask yourself if I am talking about you. If your questions and answers resemble anything remotely like the ones above, then yes, I am. These are common data-mining and security question variants and the number of intelligent people answering them truthfully is staggering.
Social Engagement
Social-media platforms are nothing more than content producers and disseminators of information. A lot of disinformation is put out there along with the truth, and not everyone understands the disparity between internet fact and fiction.
Engagement in social media is the ability of a company to reach out and get a response from a consumer. What better place to track and analyze this type of data than the internet?
Social engagement happens when you Like, Share or Comment on a company’s social-media post. Companies range from recognized brands to something that looks like a company but may not be one. All of them use this technology to populate your newsfeed with tailored content designed to generate a high level of social engagement.
A strategic component of phishing is to ask a fun or nostalgic question that tempts you with a brief answer. Companies count on friends and followers seeing your participation, which in turn increases the number of shares, likes, views and responses.
It’s easy to masquerade as a real company while gathering information from unsuspecting contributors, and even real companies get hacked. Social networking sites connect us with friends, family, brands, trends, news and even celebrities. We share a lot of personal information with each other over the internet, including location, photos and messages. It’s the main reason hackers target social platforms.
I Thought It Was Harmless
Really?? Ask yourself how many quizzes and questions you answer that resemble primary and secondary security questions linked to your accounts. Even responding with “Who wants to know?” provides a link to your name and online profile.
Cybercrime needs two elements for success—a substantial demographic and a technology so sophisticated it goes undetected. Covid-19 forced the world to live and work digitally, creating the perfect landscape for cybercriminals to ply their trade. During the pandemic lockdown, cybercrime increased by 63 percent.
Bots are big cybercrime players, generating one in five fake websites, but not all bots are bad. A bot is simply a software script living on a computer, performing legitimate internet tasks. Search engines use good bots to analyze data and detect malware. Bad bots are cybercrime mutations; their only purpose is stealing your data, spreading disinformation and hijacking ecommerce transactions.
In the world of cybercrime, hundreds of thousands of bad bots deploying simultaneously generate illegal operations across the internet. Using credentials provided by YOU, they log into your financial accounts, social platforms and ecommerce sites. Discovery occurs after the fact, and those odds are never in your favor.
Do Not Respond!
Don’t let curiosity get the better of you; do not respond, no matter how tempting it looks. While you’re at it, protect yourself with better passwords and security questions.
Password systems remain the weakest link in online security by asking for information that is well known to you. There is a strong likelihood others know it too, simply because you share it. A double authentication password and biometric ID offer higher online security and reduce the likelihood of a security breach.
Answering security questions with words or phrases unrelated to you is better than a truthful answer, and of course, you must remember them. But the best and safest way to protect yourself is by not responding. It really is that simple.