Why You Shouldn’t Answer Facebook Posts Asking Seemingly Benign Questions
Within the past 30 minutes, three of my Facebook friends have answered posts from “Thinkarete Lifestyle”, and I about fell out of my chair. Let me explain why, and why you should not do this.
In short, these questions are designed to get you to expose little bits of information which, when they are all put together, provide enough pieces of the puzzle for an attacker to assume your entire identity.
Question 1: Only 800 seats are left in Heaven, the last three digits of your phone number determine if you get in…. what’s yours?
These days, most people use their smartphone cell number as their primary phone number. Your smartphone device is what you use to carry out your most sensitive activities — online banking, online shopping, virtual payment cards, and of course your contacts, etc. Ah, and let’s not forget your smartphone knows exactly the GPS coordinates of your home…. and your smartphone knows when you are not at home.
Why is giving just the last three digits a big deal?
Because your area code and prefix are not hard to figure out. There are not a gazillion combinations, and brute forcing it isn’t hard. But that still leaves one digit unknown? Yes, but that one digit has but 10 possibilities.
And let’s not forget that the general public got your last three digits and your name, by virtue of you answering that public post.
So with your name and phone number, you are about halfway to being p0wned.
P0wned?
Yes, that is a technical term in the industry meaning “completely owned”, or “defeated”. In the context of personal security, it means an attacker can pretty much have their way with you. You don’t want to be p0wned — it is not a good thing.
Your Smartphone is the Attacker’s Holy Grail
As we said earlier, you use your smartphone for all kinds of sensitive things. In addition, your smartphone also has access to your primary email account — that email address you used as the “recovery email” on all those sites? Yeah. They want access to all of that stuff. It’s the grand score of a cyber criminal targeting an individual.
But They Don’t Have My Date of Birth!
True, and kudos for being a savvy reader. In order to take over your smartphone account, they need more than just your name and phone number. Date of birth comes into play too. And that leads to the next question I saw today:
Question 2: Today your age is your age with the digits reversed… how old are you?
This one gives your age out, so there is 1/3rd of the birthdate right there. The birth year is an excellent starting point: it gives the age, and from that the attacker can get a general sense of the person. For example, older people tend to be more likely to fall for scams. And older people tend to have more wealth accumulated.
Just by answering this one question, you have exposed your age which attackers will use to “profile” you and determine how interested they are in further attacks. Of course, they have your name too, since you replied to a public post.
Birth Month
Perhaps you answered a question 3 years ago regarding “the month you are born in determines how much money you will retire with… what’s your month?”
Ok, so now they have your birth month…. and perhaps a few months ago you answered a question like:
The Day of the Month You Were Born On Determines What Celebrity You Will Marry… What’s Yours
Ok, so now they have your full birthdate, along with your name and your phone number. Now they start going to work, posing as you to call your cell phone service provider, your bank, and pretty much everywhere, claiming they forgot their password and no longer have access to their email for password recovery.
Most companies these days won’t “recover” an account based on a phone call without the caller also providing some form of ID. Well, as it turns out, when you answered those questions, the attackers also got your picture. And from your name, phone number, etc. they will get your address.
With all of that, they can craft a very convincing fake driver’s license to send to the agent. Keep in mind, it’s a digital doc, so the agent doesn’t get to touch it, feel it, scrutinize it, etc. Any issues the agent mentions will be attributable to “that happened when I scanned it, sorry”.
You Get It Now, Right?
The concept is simple: each time you answer one of these questions, you give out just a little bit of your personal data. But when it is all put together, your entire identity can be stolen. That is why answering these questions is a really, really bad idea.
Seems Unrealistic — Attackers Aren’t Going to See All These Different Posts and Answers!
Except, they are. The easiest way for attackers to harvest this data is by looking at all your replies to that same poster. In today’s example, that is “Thinkarete Lifestyle”. Guess what is easy to do via the Facebook API?
It is easy to programmatically retrieve all public posts by that poster and all the comments, and then programmatically organize them and piece the answers together by person.
And even if the questions aren’t all by the same poster, there are but a handful of the most common “companies” that post these kinds of probing questions.
Perhaps, the Site Actually Exists Just to Harvest Your Data?
I am not saying Thinkarete Lifestyle is a fake site set up just to get you to disclose your personal data bits, but I am simply saying you should consider the possibility.
Even if they mean no harm and are legit, there is no good reason to be asking these questions. Just sayin’
Another Question: What Childhood Movie Traumatized You the Most?
As I was writing this, yet another friend answered this question. While it doesn’t seem to give very much personal information away, it does. When you answer it, you give your name and picture, and your answer allows potential attackers to profile you — they get an idea of how old you are by your answer. Again, older people tend to be targeted disproportionately.
Conclusion
In this article, we talked about personal data security, and why it is a very bad idea to answer public social media posts which give away bits of your personal data.
Oh No, I Already Did It! What now?
Just be more mindful and careful in the future. Think of the questions you have answered over the past, and if you think you have given enough away that you are exposed, then it would be a good idea to put additional protections on your most sensitive accounts and to “lock” your data at the credit bureaus so that no one can do a credit inquiry.
It is always a good idea to have two-factor authentication enabled for your most critical accounts. If you have already divulged bits of personal data, then I’d say it is a must.
But then again, I’d say it is a must even if you haven’t divulged any bits.
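One way to take stock of the questions you have already answered, as an added example that is not part of the original article: a short Python script that takes (prompt, reply) pairs you collect by hand from your own comment history and reports which identity fragments they gave away. The prompt patterns, the field names and the "act_now" threshold are assumptions made for this example, and the sample data is constructed.

```python
import re

# Prompt patterns -> identity fragment an answer gives away. Patterns are
# assumptions written for this example; order matters (day before month).
RULES = [
    ("phone_last3", re.compile(r"last (three|3) digits of your phone", re.I)),
    ("age",         re.compile(r"how old are you", re.I)),
    ("birth_day",   re.compile(r"day of the month you were born", re.I)),
    ("birth_month", re.compile(r"month you (are|were) born", re.I)),
    ("age_hint",    re.compile(r"childhood movie", re.I)),
]

def audit(comments):
    """Map each exposed fragment to the replies that gave it away."""
    exposed = {}
    for prompt, reply in comments:
        for fragment, pattern in RULES:
            if pattern.search(prompt):
                exposed.setdefault(fragment, []).append(reply.strip())
                break  # count each prompt once
    return exposed

def summarize(exposed):
    """Turn the audit into the questions the article asks you to consider."""
    birthdate = {"age", "birth_month", "birth_day"}
    have = set(exposed)
    return {
        "fragments": sorted(have),
        "full_birthdate": birthdate <= have,
        # Line number is 4 digits; the last three being public leaves one.
        "unknown_line_digits": 1 if "phone_last3" in have else 4,
        # Assumed threshold: phone digits plus any birthdate part, or the
        # whole birthdate, counts as exposed enough to add protections.
        "act_now": birthdate <= have
                   or ("phone_last3" in have and bool(birthdate & have)),
    }

# Constructed sample: (prompt text, your own reply) pairs, not real data.
SAMPLE = [
    ("Only 800 seats are left in Heaven, the last three digits of your "
     "phone number determine if you get in", "417"),
    ("Today your age is your age with the digits reversed... how old are you?", "55"),
    ("What childhood movie traumatized you the most?", "Old Yeller"),
    ("What's your favorite pizza topping?", "mushroom"),
]

if __name__ == "__main__":
    print(summarize(audit(SAMPLE)))
```

If "act_now" comes back true, the steps above (two-factor authentication and locking your data at the credit bureaus) are the ones to take first.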
Thomas is owner, proprietor, and chief consultant of Carlisle Technology Solutions. Thomas has over 35 years of experience in professional Information Technology solutions, possesses a strong entrepreneurial spirit, and has a skillset that spans all of IT.
Thomas has worked for, or consulted to, hundreds of Fortune 500 customers across financial services, pharmaceuticals, media, manufacturing, retail, automotive, defense, legal, accounting, and medical. Thomas has launched Carlisle Technology Solutions to bring enterprise-grade, cutting edge technology solutions to the small business owner.
Thomas lives in the United States with his wife and two children.