Facebook: how you really get hacked

Facebook: how you really get hacked

I’ve written a lot over the past months about cybersecurity and social engineering and as October is cybersecurity awareness month, I thought I’d share some resources that might help.

But first…

How people think they get hacked

How they really get hacked

I’ve seen loads of these types of questions on Facebook and the answers supplied could lead you to being hacked somewhere else.

So here’s how it works – with thanks to one of my Facebook friends for putting this together.

  1. You see a fun little question pop up in your Facebook feed that people answer in the comments. This isn’t a question from one of your Facebook friends, it’s from a public account. It maybe an account supposedly belonging to a radio station, but not one in your part of the country, where you would recognize it. Maybe it’s from a public account called something cute like “just for laughs” or “no biggie” or “memory lane”. Perhaps a Facebook friend of yours has already answered the question. It seems harmless and trivial: What food would you never eat? What was the first concert you went to? You answer the question in the comments.

  2. Because of the way Facebook’s algorithm is set up, answering this question, or even just giving the post a like means Facebook will show you more content by this Facebook poster and more content by other, similar posters. You see more and more little quiz questions by Facebook accounts that are not your actual friends.

  3. Also because of the way Facebook’s algorithm is set up, your actual Facebook friends can see the post you responded to and your answer to the little question. If they respond to your comment, or like your comment, or answer the question themselves, they also begin to see more little quiz questions from this Facebook poster and more similar Facebook accounts with other little questions.

  4. Some of these questions are probably harmless, but the more you answer, the more you see, and sooner or later you slip up and answer one or more that help a data miner begin putting together pieces of information that help them steal your identity and get into your bank accounts. “One of these has to go” with a list of four types of candy bars isn’t helpful to anyone, but the more you get used to answering questions, the less carefully you scrutinize the questions. One day you answer one that gives someone your birth year: “how old would you be if the digits in your age were reversed”. A week later you’ve forgotten about that, but the information has been harvested and filed away and you answer another question that gives them your month of birth: “your birth month determines which celebrity you marry, are you happy?” with a bunch of pictures of famous people laid out in a calendar grid. Some questions are straight-up complete answers to common security questions: maiden names, grandparents’ names, where you went on holiday as a kid, what was your first car, what was your first pet’s name, what was the name of your elementary school.

  5. When the data miner pretending to be a harmless fun Facebook account or radio station has enough pieces of the puzzle put together they can either get into your bank account, sell your information to someone else who wants to get into your bank account, or remotely lock your accounts or take over your whole computer or phone and force you to pay a ransom to get access back.

The worst thing about these social media predators is that the more you comment on these information gathering quizzes, even if you just comment to tell a friend that they have potentially given away the answer to their own security question, the more they spread. All your Facebook friends will see more of these quizzes as a result of your comment, and be more likely to comment themselves, and sooner or later one of them will give away important information, even if you never do.

So DO NOT COMMENT. Not even to the ones that don’t share any important information. They post many innocuous questions for everyone that gathers information, but even the seemingly benign ones help them figure out what style of questions generate the most responses, work the algorithm to get them on more people’s Facebook feeds, and lull you into a false sense of security that this is good clean fun. Do not give it a thumbs up or an angry face. If you see a friend post a response, talk to them in person about how these scams work, or call them, or send them a private message, but don’t reply to their comment on the post. That just helps these things spread.

Cybersecurity awareness month resources

The cybersecurity awareness month started by the US government and the National Cybersecurity Alliance but has now been adopted in the EU and the rest of Europe.

Several companies and organisations are providing free resources for you to use to improve your cybersecurity, including The Centre for Internet Security, Cybersmart, and KnowBe4. You can also follow the cybersecurity month Twitter feed, and watch for #CyberSecMonth.

And, of course, there are all my cybersecurity and social engineering blog posts that you could read.

Be safe, and if you need any advice or help, please get in contact.

Do you want to learn more?

Network Midlands runs seminars to help you protect your business against cyber-attacks. Find out more at “What can possibly go wrong

Summary
Facebook: how you really get hacked
Article Name
Facebook: how you really get hacked
Description
Facebook: Fun questions and quizzes that are designed to get security information from you. You may think you get hacked by bad guys wearing hoodies and sitting in dark rooms. But often you give away the information they're looking for just by answering Facebook questions and quizzes
Author
Publisher Name
Network Midlands Ltd
Publisher Logo
Share

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.