This is crazy. Hacking groups are out in full force on Facebook. And with the willing participation of millions upon millions of naïve users, chances are high that you have either seen or participated in one of the biggest global online threats today. Can you guess what the Facebook scam is?
For weeks, if not months, hacker groups have launched data-aggregating campaigns disguised as innocent polls and fun personal trivia confessions. Facebook pages that appear to be radio stations or so-called lifestyle enthusiasts post silly questions like “What is your stripper name? Comment with the model of your first car and the city you were born in!” or “Don’t you think old fashioned names are charming? What was your grandmother’s first name?”
Comments on these posts are skyrocketing and the data miners are eating up the endless opportunity. What is shocking is that while a lot of users are increasingly savvy to this Facebook scam, many are willingly participating, even when they know the threat.
The charming grandma post, which has garnered more than 1.5 million responses, also included the following exchange in the comments:
FB Commenter 1: Great. Now the hackers that run this Facebook scam know your grandma’s first name. Times a million. What a great database for the bad guys.
FB Commenter 2: Who cares? It’s fun and if you use your grandma’s name as a password then you are not very smart and that’s your bad.
But the threat doesn’t really pertain to whether you use your grandmother’s name as a password. That's not how hackers use the information.
Well if it is not about stealing passwords, then what are they after?
IT IS ABOUT SECURITY QUESTIONS
As you know, many websites ask users to establish answers to Security Questions when creating their online account. These questions are posed to users in various scenarios. They might be triggered when you request a password change, when the website senses you are logging in from a new browser, or when you are locked out due to too many incorrect password attempts. Many sites essentially use Security Questions to authenticate that you are who you say you are. Thus they ask you to answer a question that only you would know. Like, um, say, your grandmother’s first name, the name of your kindergarten or the model of your first car.
So these “just for fun” Facebook posts, like the ones mentioned above, provide data aggregators and bad actors from around the world (Yep! Russian, Nigerian, Chinese, and even homegrown cybercriminals) the information they need to circumvent your password protection and wreak havoc on your accounts. So, yes, we aren’t talking about passwords; it’s all the other information that is used today to verify that you are who you say you are when you log in with a user ID and password.
Once those masquerading Facebook posters know your Nana’s name was Beatrice, they store the information in a humongous database. Believe it or not, they likely did their homework long before they ever posted that fun-loving question, so they already know exactly which sites include the security question “What was your grandmother’s first name?” It is only a matter of time before your account gets hacked. And once they break into one, they are better equipped to hack into your other accounts.
Now multiply that threat by the 1.5 million Facebook users who willingly answered that “silly” question.
ARE YOU SERIOUS?
It is hard for many folks outside the cybersecurity field to grasp the very real threat these seemingly innocuous Facebook scam posts pose to a very wide swath of social media users. Suffice it to say, the threat is very, very real, and the fallout at some point will likely send shockwaves throughout the U.S. and abroad. In fact, the entire dynamic, including the general public’s complicity, is poised to permanently change the face of online security in one way or another.
Hacking is a massive and sophisticated global business. Let’s repeat that. Hacking is a business. And until legislation is passed that governs how social media platforms address the issue of predatory data luring, companies like Facebook will likely continue to turn a blind eye to the issue.
It is time to wake up and face a pretty scary reality. Once you have given away identifying information about yourself (like maybe your social security number, fingerprints, retinal scan, and that fun personal trivia) what will be left to verify that you are who you say you are?