- What was the last thing you ate?
- List 3 names you answer to.
- What street did you grow up on?
- What was the name of your 1st grade teacher?
Seems like such innocent questions, after all we all like learning more about our friends and finding similarities. Every day I log into Facebook, and I see someone sharing some ice breaker type question. The most recent I saw was “If you knew me in HS, what’s something that I was known for?”. As I read through my friends’ comments, one mentioned her grandparents by name. I have fond memories of spending time with that family, in fact. Another mentioned the car she drove during HS… and what a sweet car it was! A friend mentioned the hot miserable days they had in the woodwind section of marching band, with dress rehearsals in wool uniforms and 90° Indiana afternoons. My personal memory of her would be the “home” book, the “school” book, the “backpack” book and the “car” book that she was always reading. She read multiple novels at once and always had a book within arm’s reach. These comments were innocent memories from her friends of 20+ years; people who have no wishes of harm or ill-will toward her.
Now, let’s look at these comments through the eyes of a potential hacker or someone looking to steal an identify. The grandparent’s names just provided me with your mother’s maiden name. The sweet HS ride gave me the Make & Model of your 1st car. Oh, and that innocent comment about hot August marching bands…I now know that you played an instrument, giving me a starting point of woodwind. My own memory offered a hint at her favorite hobby. Most bank offers those questions as security questions to access an account should you need to reset a password. From that 1 post, I gathered enough information to possibly reset her bank password and take control of her bank accounts.
This is only one example of how we are all at risk online every day…We have all heard about the “a great uncle in Timbuktu left you a million dollars, just reply to this email to claim it” situations. Most of us understand these are spam and easily recognize and delete them. However, what about this? My mother got from Fifth Third Bank* once, warning her that someone has tried to access her account and she need to follow this link to reconnect to her account for security. A simple click enters her username and password, and the account will be “verified”. Now, she’s heard me talk about Phishing (pronounced fishing) Email attacks and how they appear to be from a valid source, the fraudulent practice of sending emails in order to induce individuals to reveal personal information, such as passwords and credit card numbers. Just like we cast our pole when fishing in hopes to caught something, these emails are sent hoping to hook something. My mother knew to be careful…she made sure the URL looked right. It was even a secured site; she knew to check that. It gave her a nice screen thanking her for updating the information and keeping the account secure. She closed the web browser and returned to her daily activities.
Well, a few hours later, she got a bank notification because I set up alerts for large transfers. While she was weeding her garden, she apparently was also wiring $5,000 from her account to a “friend” in the UK. But she had been careful! The URL said 53Bank.com and their logo was on the screen. How could this have possibly happened? Well, if you bank at 5/3 Bank, you might notice that their URL is www.53.com. Now her security education includes the warning: If you get an email from your bank, close the email. Go to your bank and log in directly from that site to check something. Do NOT click on the link from the email. This is true for any notices like that.
What about the social media posts asking us to share and add my daughter(s)’ name and age to prove I love my daughter. That is sweet and who doesn’t want everyone to know how much I love my daughter. Those chain post shares your name, daughters’ names, and age. It seems nice and sweet, until some random person shows up knowing your child’s name and age. With just that information, they can likely find the school your child attends. Looking at social media, they can likely find if your little girl goes to dance class, takes horseback riding lessons, or maybe she’s into the martial arts. Likewise, people who post about leaving for vacation and post photos all week while they are gone, then wonders why their house is burglarized while on vacation.
Please don’t read this blog post and go deactivate your email and social media accounts immediately, unless you had already planned to do this. This blog is simply a warning to open your eyes to the possible threats around us every day. Here at Techno Advantage, we work hard to keep your business networks secure and protected, but we can’t protect you from the random information people freely give away. However, we would like to educate you and your friends about these risks. Contact us today, to schedule a “Lunch & Learn” for you, your organization, or a group of friends. We will give you practical tips, suggestions, and tools to help you protect yourself, learn how a little information can be used against you, and educate you in cyber self-defense. As my Sensei taught, “The #1 rule of self-defense is to never find yourself in a situation where you need to defend yourself.”