In Which Social Engineering Reminds Me of “Saw”

Do you know what’s fun? Bragging about your pets; remembering movies when you were younger; talking about your first few jobs when you were a kid; discussing your favorite book; reminiscing about your time in college; etc. Aren’t these all great things and fun to do? I agree with you – they really are. And isn’t it fun to reply to memes like the following when we seen them? They give us a chance to talk about things we like and about our interests. Here is a great example:

Screen Shot 2020-04-30 at 10.51.32 PM.png

I mean who doesn’t want to play along with this?! But the fact is, when you reply to a meme like this:

NAME YOUR FAVORITE MOVIE - Willy Wonka | Meme Generator

What you are really replying to is this:

Screen Shot 2020-04-30 at 10.51.39 PM.png

Because that, dear reader, is exactly what they want you to think. Who is “they” in this situation? Social engineers. That is a fancy word for identity thieves. 

Companies recognize the need for enhanced security; passwords can be notoriously easy to guess (if your password is password, please pay extra attention). The easiest (read: cheapest) way to do this is to introduce security questions as an identifier. Common questions used for security have evolved from “What is your mother’s maiden name?” to include, among many, many more:

  • What is your favorite book?
  • What is your favorite movie?
  • Where was your first job?
  • What is the model of your first car?
  • What is the name of your first/current/favorite pet?
  • What is the name of the street you grew up on?
  • Where did you go to college?
  • Where did you meet your spouse?

These are just a few questions. Notice something about these questions when you think of your favorite fun memes? These memes are not just fun things to do; they reveal very important aspects about who you are – this information is called Personally Identifiable Information, or PII for short.

Now, I am sure a lot of you are saying – but these are fun and there isn’t really any harm in this. After all, you trust your friends. I agree, they are a lot of fun, and that is exactly what the social engineers who designed them are hoping you will think. They are betting you will trust your friends and want to play a game. 

Before you play the game, ask yourselves the following questions:

  • Who can see my reply?
  • Do I know every single person that can?
  • Do I trust each person that can see my reply?

Now, before you instinctively say yes, consider the following questions:

  • Who is on my friends list?
  • Do I know them all, or have I added a friend of a friend who I don’t really know because they seemed funny?
  • Am I replying to a post on a page with strangers?
  • I am posting on my own wall/page. Have I completely locked down my security so that only people I trust can see my post?
  • I am posting on my friend’s wall/page. Has my friend completely locked down my security so that only people I trust can see my reply? (Note: do you really want to trust the judgement of the guy who thinks beans belong in chili?)
  • My friend has locked down his page so the public can’t see. Do I know all of my friend’s friends, and do I trust each of them as much as my own friends (hint: if they are not all your friends already, the answer should always be no).

If you can’t safely answer all of the above with a “yes”, then you should not reply – instead I recommend you do what they are asking for your own enjoyment but do not actually post a reply.

Want to see what the GIF bar says your Halloween costume should be based on the year you were born? Great! Do a search; just don’t post it, please.

I once read a post that I will paraphrase:

Us in the 90’s: Don’t talk to strangers on the internet or get into cars with strangers!

Also us today: Asking a stranger on the internet to drive to our house so we can get into a car with them.

Please don’t make yourself an easy target for these people. If you aren’t sure, don’t reply. It’s as simple as that. 

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.