Watch out for these phishing tactics disguised as “funny” on social media

Nobody reading this post needs to know the name of the street you grew up on.

James Martin / topwatchbest

If you use any social media platform, you’ve likely come across a post that says something like, “Your preppie name” (or pirate name, indie band name, etc.) “is the street you lived on as a child plus the name of your first pet.” The hilarious results number in the thousands in the comments.

Facebook quizzes and questionnaires may seem like harmless fun, but the comment sections below these posts are a mine of potential passwords, served up as a buffet for would-be cyber crooks. Not on social media? Unfortunately, you’re still at risk through text messages, phone calls and emails. This manipulative tactic is a newer variation of the classic cyber attack known as phishing. Here’s what you need to know to protect yourself.

What is Phishing?

Phishing is how malicious hackers exploit human error – typically by preying on gaps in a person’s technical knowledge – to gain access to private or confidential information. Instead of a brute-force attack, a cybercriminal pretends to be a familiar face or legitimate organization and issues a call to action that sounds either funny or urgent. When you are lulled into a false sense of security and take the bait, the phisher intercepts your confidential information.

According to Terranova Security, cybercriminals exploit aspects of human nature such as fear, greed, curiosity, helpfulness and a sense of urgency. You’ve probably received one of those infamous voicemails about your car’s extended warranty that is about to expire. You probably know that the dethroned Nigerian prince who needs your credit card information to pay you back one million dollars is a cybercriminal. But this type of scammer can also pose as someone more ordinary, like someone from your car dealership.

What does social media phishing look like?

Social media phishers post innocent-looking, simple questions on social media asking about your first job or first car. These posts may seem carefree, but they are often commonly used security questions – and the comments section is full of replies.

These prompts might look like this:

  • Who remembers their first-grade teacher? Let’s celebrate our educators!
  • Toyota was not anyone’s first car. Prove me wrong!
  • Name the movie you can watch over and over again.
  • If you could go anywhere now, where would you go?

Alan Belniak posted an example of phishing schemes disguised as games on Facebook.

Screenshot: topwatchbest / Alan Belniak Facebook

This does not mean that every question post you see was created by a cybercriminal, but these posts are dangerous regardless of the intention of the person who posted them. Posts are often public, and you can’t control who reads your comments.

The problem is common on Facebook, but it extends to other social media as well. Quizzes, Twitter and Instagram polls, and TikTok get-to-know-you videos can be used by cybercriminals working alone or in groups.

Where else am I vulnerable to phishing?

A few of the more common types of phishing are an email that asks you to click a link to claim your reward or a text message that warns you that your bank account has been hacked.

These messages are designed to manipulate your emotions – fear of your vehicle breaking down out of warranty, the excitement of winning a competition or the possibility of getting extra money, or panic that your hard-earned money is at risk.

The thread that connects these messages is a sense of urgency. If a message requires you to enter your Social Security number, password or account number, or to click a link right now, you are likely the recipient of a scam.


Social media is full of phishing schemes.

Angela Lang / topwatchbest

How to protect yourself from phishing attacks?

Phishing scams are all too common, but there are steps you can take to stay safe. Here are some ways to block phishing attacks.

  • Don’t give out confidential information on social media. Just don’t do it. It’s tempting to fill in “30 random things worth knowing about me” or join a conversation about what your first car was like, but the risk of that information being used against you is far greater than you might think. Do not respond to these prompts and do not share them with others.
  • Check the source. Who or what organization is sending you this message? Have you had contact with them before? Does it make sense that they are addressing you? Verify any gifts with other sources, and if you’re unsure, don’t take the bait.
  • Slow down. An attacker who uses social engineering is counting on a panicked reaction instead of a clear-headed response. Think about whether the message makes sense. For example, would your supervisor ask you to reveal your password via SMS – or at all?
  • Look for inconsistencies. The way the message is written tells you a lot about its authenticity. Are words misspelled or spaced oddly? Hover over any links without clicking them – does the linked page even match the email content? Many phishing scams fall apart under scrutiny.
  • Mark, report and block spam. If you receive a suspicious email or SMS, mark it as spam, report it to IT, or delete it.

For more on information security, check out how to get started with a VPN and browser settings that should be changed to protect your privacy.