Peter practically lives on Social Media. It's so convenient to stay connected with friends and family, and he loves that he can easily access other websites by connecting to his social media account with the click of a button.
In his free time, Peter enjoys the quizzes and community building activities that circle the platform. Just this week, he joined in to wish this year's graduating seniors well by posting his own graduation picture with #CongratsGrads. And the week before, he discovered that his Hogwarts house was Gryffindor, along with 7 of his other friends who took the quiz.
Now, he's been tagged to do an "about me" challenge, to see if his friend's really know his favorite color, mother's maiden name, or his first car. But, when trying to sign in, he realized he's been blocked out. He also can't access several other accounts, including his social media, bank, and even work accounts. He's been hacked!
It's hard to pinpoint what activity led to the breach, but since Peter never took the time to adjust his privacy settings, nor come up with a unique password, anyone, including hackers, were free to lurk around his personal information and easily brute force their way into his account.
Did you spot the red flags?
- Peter never adjusted his privacy settings, allowing for hackers to view his personal information. His graduation post, for example, was not only easily searchable through the hashtag, but also included his picture with his school and year of graduation, which is often used as a credential.
- Peter had a weak password. He then, used his social media credentials for a quick sign-in to third-party sites. This is often a recipe for disaster.
- Oversharing tends to coincide with social media quizzes and challenges. Peter should have further considered the information he was disclosing before hitting "post."
What you should know about this scam
Though not all social quizzes are maliciously gathering your personal information, it is smart to read a quiz’s terms of service before playing so that you're aware of the type of information the company is collecting, and how it will be used.
It's also good to consider the kinds of questions a quiz is asking. Even simple ones like: where were you born, where did you go on your first flight, or who's your childhood best friend, are the exact same questions asked when setting up your accounts' security questions.
Only 44% of Americans utilize/take advantage of privacy settings on accounts. At a minimum, best practice is to hide these key pieces of PII from public view on your social media accounts: your phone number, birth date, email address, and location.