We’ve all seen our friends and family sharing quizzes on their social media profiles, prompting people to find out what their celebrity stage name would be or which Hogwarts house they would be in, or to share what their first concert experience was. These fun, lighthearted quizzes are a great way to get to know a little more about the people we’re connected with… and that’s the biggest problem.
Let’s go over how these quizzes can easily obtain the information needed to gain access to a person’s social media profile.
“Your New Last Name is the Name of the High School You Attended!”
The big problem with these quizzes is that, innocent as they may seem, a lot of the questions they ask line up with the security questions that numerous accounts—your bank and credit cards, for instance—will use to confirm your identity when you try to recover your password.
Or, when “you” try to recover your password.
These security systems can’t tell who is typing in these answers; they can only tell whether or not the provided answer matches the one they have on file. Your bank doesn’t know that you figured out what your superhero name would be and revealed your first pet’s name in doing so. From the bank’s perspective, you just forgot your password and need to use your recovery questions to reset it.
When you consider these online quizzes and the questions they frequently ask, they line up with the recovery questions that a lot of platforms request when resetting a password. Your first pet’s name, your mother’s maiden name, the model of your first car—all of these questions are commonly used as security measures. So, by sharing the answers to these questions in response to these quizzes, you are potentially giving someone easy access to your accounts.
These Questions are Effectively Phishing on Social Media
Phishing is nothing to take lightly in any of its forms—including that which appears on social media. It is important that you and your team always have an eye out for these attempts in the office and out. Keep an eye out for some of the hallmarks of a phishing attack—misspelled addresses, overly alarmist subject lines, and unprompted attachments—and impress these practices on your employees as well.
Unfortunately, cyberthreats are not confined to either the office or the home, so vigilance is always somewhat necessary. However, Wolk9IT is here to help keep an eye on your work processes. Give us a call at (646) 741-1166 to learn more.