Were you never told not to volunteer personal information?
Finding out your personal information is big business. Known as “social engineering,” it’s the art of manipulating people online so they give up confidential information that’s valuable in discovering passwords. It turns out to be much easier to exploit people’s natural inclinations to trust others than it is to find ways to hack directly into software.
With a little help from AI, social engineers figure out who you are and then use that information to make money. On social media, they post viral “challenges” that look like harmless fun but are actually designed to allow hackers to unlock your password information. On Twitter, Facebook, and Instagram, many unsuspecting participants reveal — for all the world to see — critical information they might use in some form for their passwords. Once one account is hacked, the others are easier.
Maiden name? Check. Favorite pet? Check. High school? Check. Town you grew up in? Check. Favorite or first car? Check and check. Throwback Thursday is a social engineer’s dream! They love this stuff.
Combat these attempts to gain access to your accounts by always giving false password and identity challenge and verification information to the sites and services that require it. Keep the answer file off-line or at least in a format that’s not easily guessed. Remember, if it’s a handwritten list, you can still take a photo of it.
Alan Edwards, CISM, is chief information officer at Computerware, Inc., in Vienna, Virginia.