How often do you check social media only to find your news feed clogged with your friends and family sharing the results of quizzes like, “Which Star Wars character are you,” or “What’s your superhero name based on your birthday.” While these quizzes might seem harmless on the surface, they often hide a far more sinister agenda, one which uses the personally identifiable information provided to them for nefarious purposes.
If your friends and family aren’t careful, these quizzes could be giving their hosts access to all the information they need to hijack someone’s social media profile.
The major concern we have about these quizzes is that they might appear to be lighthearted on the surface, but that the questions line up suspiciously close to the security questions that one might use to protect an account. For example, your bank and credit card accounts use security questions to keep them secure, so what happens if you give up this information to an online quiz?
That’s right—the hacker might use the information you willingly provided to hijack your account. All the hacker has to do is click that Forgot Your Password prompt and boom, they’re in.
This is because these security systems can’t always tell who is typing in the answers; all they do is check to make sure that the answer matches the one provided in the past. From the bank’s perspective, you’re just another customer who forgot their password and is using their recovery question to gain access to your account.
When you look at online quizzes and questions they might ask, they line up quite closely with the recovery questions that are often associated with resetting passwords, like your first pet’s name, your mother’s maiden name, the model of your first car, and so on. When you share the answers to these questions, you effectively give someone on the Internet everything they need for easy access to your accounts.
Even the most unlikely suspects could be considered social engineering attacks, especially on social media. It’s important that you give your team the tools and knowledge they need to identify these threats so as to avoid them. The same hallmarks of phishing attacks are present here, too: misspelled addresses, alarming subject lines, unprompted attachments, etc.
Cyberthreats are everywhere, so you can never be too careful. Remain ever-vigilant and be sure to train your employees on how to identify and respond to threats. To talk to an IT expert on training your staff and securing your business, reach out to us at 630-549-6199.