You’ve seen the social media trends that circulate regularly: Share a picture from your senior year of high school, or a picture of your first car. Answer these ten questions about your childhood. Share a funny pet picture.
These may seem like innocent challenges, but they can actually leave you more vulnerable to cyber attacks such as spear phishing scams and password attacks. In fact, the FBI has even cautioned against participating in online challenges that share personal information.
Whether you realize it or not, some viral social media challenges can disclose some personal information that hackers can use against you. You’re making cyber criminals happier and their lives easier when you hand them information they can exploit you with.
Take any pet-related challenge, for example. Your first, current, or favorite pet is a security question often used by banks, and those who participate in the challenge may be revealing the answer to those questions in either a picture or a caption.
Types of Personal Information That Can Be Vulnerable
There are a number of types of personal information that can leave you vulnerable to attacks. Anything that gives away answers to common security questions is dangerous. Security questions commonly used by banks and other institutions include the following:
- What is your mother’s (or grandmother’s) maiden name?
- What is the name of your first pet?
- What high school (or college) did you attend?
- What is the name of the town you grew up in? (variations include the street you grew up on or the town where you were born)
- What was the first company you worked for?
This kind of information can be used to break into bank accounts or other accounts by getting hackers past security questions. From there, they can access your account and even reset your passwords.
In addition to directly accessing your accounts, hackers could use the specific information from your social media accounts to phish you by including personalized information in emails that makes them more believable, leading you to trust malicious emails and fall prey to spear phishing attacks, as one IT company in Tyler explains.
Some of the social media challenges that have been trending recently, that will give away some personal information, include the following:
- Sharing who your current best friend is or a childhood best friend
- Pictures of your first pet (many people also include the pet’s name in a caption)
- Images of your favorite concert or your first concert
- Favorite restaurants
- First school photographs or senior year photographs (even if you don’t mention the name of your school, memorabilia in senior photos can give it away)
- Sharing memories of your favorite teacher
- Images of your first car
Keeping Your Information Safe
This information doesn’t mean you have to stop connecting with people through sharing on social media. But it does mean you should be cautious about what information you share publicly.
The easiest way to protect your personal information is to keep your settings private so that only your friends can view your posts. However, with the many business and publicity uses for social media, many prefer to keep their settings open to gain followers.
If you use a public social media page, it is recommended that you still keep personal information, including the kind that can be disclosed in these challenges, limited to a private personal page.
Another important step toward enhancing your online security is to use multi-factor authentication (MFA). MFA requires multiple authenticators before logging you in to an account. That’s the essence of what security challenge questions are trying to do in the first place, but MFA should consist of factors different from information that you can know and answer.
Secure MFA should require you to identify yourself through something you have (like your phone, by sending a PIN to you through a text message) or something you are (verifying your identity through a fingerprint or face scan) in addition to something you know (like the typical password or security questions). This will thwart hackers from accessing your accounts even if they discover your password and other login information.