What’s your mother’s maiden name?
What elementary school did you attend?
What was the make of your first car?
All of these are standard security questions on websites ranging from blogs to banks, and all of these questions can be answered by simply looking through someone’s Facebook profile or throwback Thursday posts.
3 ways over-sharing can cost you
You don’t have to be famous for people to want to hack into your social media accounts; in fact, you don’t even have to be rich or interesting for hackers to want to peruse your account. Just a few selfies or conversations with your BFF can be enough information for criminals to commit fraud.
One of 2015’s most newsworthy breaches was not the biggest, but the one we learned the most about. While we are usually kept in the dark about the cause of breaches and the process by which hackers get in, the breach of IRS tax-return information was a different story. During the hearing held on June 2, 2015 it was revealed that hackers got into the system by collecting information about victims from multiple sources and legitimately logged in to the victims’ IRS accounts by answering security questions. By searching social sites and/or hacking into less secure accounts hackers got all the information they needed to get into the victims’ IRS accounts.
While you may be dying to know what Friends character you are, beware of sharing information with those online quiz sites. Not only do you often have to grant the sites access to your Facebook account, you then answer a bunch of personal questions. Plenty of hackers are taking advantage of people’s willingness to divulge information about themselves to collect information that can get them access to the victims’ accounts. This method can require more work than just hacking into the account, but legitimately logging in using collected information doesn’t set off any red flags; no red flags means hackers can be in a network for a long time without being noticed.
The IRS is just one of the latest examples of breaches leading to more breaches. It is easy to think that putting a weak password on your social media accounts is OK – who cares about your selfies, right? But what is that account connected to? All too often we get lazy when visiting a new website and instead of creating a new account we simply click “log in with Facebook.” As Wired’s Mat Honan would tell you, linking accounts is not worth the few seconds you save. In 2012, within an hour of being hacked, his Google account was deleted, his Twitter was taken over and used to tweet out terrible messages, and all the data on his Apple devices was erased. How could someone do this so quickly? It is easy when accounts are connected. You hack one and you have access to all.
With a majority of online adults using at least one social networking site, there is no end in sight to criminals targeting people on these sites. All we can do is help people understand the importance of being safe online and keeping some things confidential.