Countless people on the internet are masterminds at taking other people’s personal information. These individuals are proficient in Social Engineering.
What is Social Engineering, you might ask?
It is a form of deception intended to get individuals to release confidential or personal information, which is then used for fraudulent purposes. We usually associate these forms of fraud with jokes such as those email threads where a prince of another country needs to send you large sums of money, and to do so needs your bank account information. Nice try, prince. We’re not falling for that one!
But what if it’s no longer a prince asking for your bank account through an unrecognized email address?
What if it’s a close friend or family member asking for your information over Instagram or Facebook?
How do these deceptive people on the internet use your trust through Social Media to get what they need without being noticed?
Social Media platforms such as Instagram, Facebook, TikTok, Twitter, and others have become the perfect grounds for Social Engineers to get a hold of personal and confidential information without having to do much work. How so?
If you’re on one of these platforms, maybe you have seen particular challenges or chain stories going around. Suddenly a close friend or family member posts a picture and tags you, asking you to participate and continue tagging others to ‘keep it going,’ and most of the time the post is linked to a #hashtag.
Have you ever asked yourself where that post originated? Who started it, and why? If you have ever attempted to trace it back to the original uploader, you more likely than not never found that answer. But why is it so important to stop and think about reposting?
Well, to start, we need to go back to when you first decided to open a profile. When creating an account, most people set up security questions: questions such as your mother’s maiden name, the place of your birth, your favorite fictional hero, etc. These are often the same questions used for accounts other than social media. For example, you’ll see those questions appear for online shopping accounts, credit loans, and other websites that require a login. That is where the danger lies.
Those social media challenges or tagged photos have tasks that go along with them: tasks where you have to upload a picture, tag someone, or fill out a field with answers. Those answers are usually linked with the security questions.
Here is an April Challenge for 2020 that had over 2000 likes on Instagram. It had numbered tasks for every day of the month that users were supposed to complete or fill out. Here are just some of the fields:
– Favorite Hobbies
– Favorite Holiday
– Favorite Song
– Zodiac Sign
Although this post may not be malicious in itself, and the user posting it did not intend any harm, the post is now exposed to any social engineer. The post was public and had the hashtag #AprilChallenge, making it easy to find and see all the answers people used. A Social Engineer isn’t going to scroll through the thousands of posts, but does have bot accounts that go and do the work for them. Using this data along with the usernames of those who posted, they can now attempt to force their way into accounts and change the passwords, taking over completely. They can then use those accounts and the already collected data to get into emails.
They can now access nearly everything associated with the email address, like the before-mentioned shopping accounts where credit card information is stored, or accounts for credit loans where much more sensitive data is stored. This is data that can cause real damage, the type of damage that can ruin lives, or set individuals and families back years trying to re-establish themselves as credible and trustworthy. Some Social Engineers don’t do anything drastic; maybe they spam your followers and get you banned. Other times they stay hidden and make no noticeable changes so that they can sell your information online through the dark web.
It is scary to think about how something so simple can cause a lot of damage. With knowledge and reason, you can stay safe from these attacks. Here are some practices you can follow:
– Change your password frequently and make sure it’s a strong password. Don’t repeat passwords!
– Check your recent activity for any suspicious logins. You can usually use the web portals to sign out of devices you don’t recognize.
– Use MFA (Multi-Factor Authentication) to provide a second layer of security.