The security threat hidden in popular Facebook posts

Some seemingly fun posts, memes, and games on Facebook are actually used by identity thieves to hack your accounts.

Like this.

    Hey, here’s a cool little game to determine what your mobster name would be. Put your mother’s maiden name together with your favourite teacher and then your first pet. Hey, you’re Shaw Armstrong the Fish.

Fun, right? Now share it on your wall. Your mother’s maiden name. Your favourite teacher. Your first pet.

The trouble is that those three pieces of information you just published for the world to see are also among the most common security questions that many banks, service providers, and websites use as authentication when confirming your identity – or resetting your passwords.

The New York Times sounded the alarm over the weekend about the popular “10 Concerts I’ve Been To, One is a Lie” meme. The game, which frequent Facebook users got really sick of really fast last week, had users sharing the musical acts that they’ve heard live and challenging connections to guess which one on the list they hadn’t actually seen.

The Times pointed out that there is a great deal of personal information about you hidden in that concert information. Your personal tastes, age, ethnicity, or even religion could all impact which concerts you’ve attended. Having that information could make all the other ‘secret’ pieces of information you use to verify your identity much easier to guess.

“They are fun, but … there are certainly polls that are geared towards collecting information which could be used to fraudulently ‘recover’ an account,” security researcher Alec Muffett told the Times.

Don’t make it easy for fraudsters

If your password to your online banking is your pet’s name, never post your pet’s name on Facebook. More importantly, never choose your pet’s name (or anything else obviously guessable about you) to be your online banking password.

Similarly, if you’ve used your pet, your favourite teacher, the first street you lived on, or other personal details as authentication questions for your accounts or passwords, don’t post them online for anyone to see.

Things spread fast on the internet, and scammers have figured out that if they add an element of fun to a meme, people will share it. (And in so doing share potentially sensitive information.) Don’t make it easy for them. Choose smart, impossible-to-guess passwords for your accounts, and keep the personal details needed to reset them offline.
