Social networking sites allow people to share personal information about their daily lives through posts, pictures, and now geo-locations. Every post or tweet you create is added to your digital blueprint, creating a summary of your online self. In addition, if your privacy settings are out of date, nonexistent, or loose, strangers or scammers can access your information. Once they have access, they can use it to create phishing scams targeted towards you through social engineering, or to guess the answers to typical security questions for your passwords and online accounts.
Take a minute to ask yourself a very important question: Do you expose too much information on social media? Let’s take a look at a few social engineering scam scenarios and measures you can take to protect your social profiles.
1. Jane is in line at her favorite retail store, XYZ Company. A stranger approaches her and says, “It’s Jane, right? I know your brother Joe Smith! We all went to 123 High School together. It’s been forever, but last time I talked to him he mentioned you had a baby, congrats! Could you give me his email and phone number so I can get back in touch with him?” Jane happily agrees. Reality—the stranger is harvesting information on both Jane and her brother Joe to steal more personal information. The stranger was able to see Jane’s relationship to Joe, her recent photo upload of her baby, and the high school she attended, and used them to create a broad but personal story. The stranger also knew from a recent post that Jane shopped at this store, and knew what she looks like, so they could plan a “run in” with her.
2. Jane receives an email from an unrecognized email address about her political candidate, Craig Sample, but it looks legitimate. They want support for his campaign and request a small donation of $5 to increase awareness of the candidate. Jane clicks on the link and inputs her credit card information. Reality—a scammer has made a phishing email based on Jane’s political preference post on her Facebook profile. Once she hits submit, the scammer now has her credit card information and could also be downloading malware to her computer.
3. Jane creates a new password for her utilities account. She decides to make it simple and easy to remember, so she bases it on her anniversary date. For additional security, she creates security questions. She picks “what is your pet’s name” and “what is your mother’s maiden name”. Reality—a fake connection on Jane’s friends list has been collecting information on Jane, and knows that her mother’s maiden name is “Johnson” and her dog’s name is “Fluffy”. The hacker can attempt to access her account.
4. Jane gets a call from her previous employer, Company ABC. The lady on the phone says, “Hi Jane, my name is Jeanette, I am calling on behalf of Mr. Thomas, the Human Resources Manager. He wishes he could talk with you, but is busy with open enrollment. He asked me to ask how your husband John is doing. We are completing a company audit, and need to confirm some of your previous invoices. Before we begin, can you confirm your social security number for me, so I know I’m speaking with Jane Doe?” Reality—the scammer has collected information from Jane’s social media profile (previous employer, phone number, husband, etc.) and from a Google search of the company that revealed past co-workers, and is using it to obtain Jane’s social security number.
These are only four scenarios that could happen based on Jane’s public information, but the possibilities go on. Make sure you are doing what it takes to help protect your social profiles by:
- Living online like a biography, not a diary
- Limiting the amount of personal information you share
- Cleaning out your social networks – only allow true friends to see your information
- Frequently updating your privacy settings
- Connecting with people you truly know, not just based on a mutual connection