Just Say No to Social Engineering Memes

These memes, from a security and privacy perspective, are nothing but trouble. Here’s an example I just saw a friend respond to:


I say trouble because, if you play along, these memes reveal a tremendous amount of personal information about you. That same information is often what secures your healthcare, banking, investment, and other accounts. Let's play along with this one just to see what an adversary might obtain from a single social media post.

John Doe posts, “I am an Oracle of Profound Wisdom!” If we know John looks to be 30-40 years old, we can conclude:

  • John was born in 1976 or 1986 (from profound)
  • John was born in January (combo of oracle and wisdom)
  • John was born on January 16-19 (also a combo of oracle and wisdom)

We get the last two because Capricorn runs from December 22 to January 19, and "oracle" covers days 16-20. December 16-20 falls outside Capricorn, which rules out December, and since John is a Capricorn, January 20 is ruled out as well.

In other words, someone looking to use this information has narrowed John's birthday down to one of 8 dates. And if the challenge question is birth month and year, the adversary only needs 2 guesses; most systems allow 3 or more. Just by posting his response to this meme, John has given someone enough information to compromise him. What looked like a little fun is actually a bigger security issue.
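The narrowing the post walks through, as an added example that is not from the original post: a small Python model of the meme's answer key. Only the three entries the post decodes ("wisdom" = Capricorn, "oracle" = days 16-20, "profound" = 1976 or 1986 for a 30-40 year old) are filled in; the shape of the key is an assumption, and the helper names are invented here.

```python
from datetime import date, timedelta

# Constructed model of the meme's answer key. Only the three entries the post
# decodes are known; the mapping shape (word -> zodiac sign, word -> day-of-month
# span, word -> birth-year candidates) is an assumption for this example.
WORD_TO_SIGN = {"wisdom": "Capricorn"}
WORD_TO_DAYS = {"oracle": (16, 20)}           # inclusive day-of-month span
WORD_TO_YEARS = {"profound": (1976, 1986)}    # the post's reading for a 30-40 year old

# Zodiac spans as (month, day) pairs; a sign that wraps the year end has two spans.
SIGN_SPANS = {"Capricorn": [((12, 22), (12, 31)), ((1, 1), (1, 19))]}


def candidate_birthdays(sign_word, day_word, year_word):
    """Return every calendar date consistent with the three meme words."""
    day_lo, day_hi = WORD_TO_DAYS[day_word]
    found = []
    for year in WORD_TO_YEARS[year_word]:
        for (m1, d1), (m2, d2) in SIGN_SPANS[WORD_TO_SIGN[sign_word]]:
            # Walk the zodiac span day by day and keep the dates whose
            # day-of-month also falls inside the day-word span.
            cur, end = date(year, m1, d1), date(year, m2, d2)
            while cur <= end:
                if day_lo <= cur.day <= day_hi:
                    found.append(cur)
                cur += timedelta(days=1)
    return sorted(found)


def month_year_candidates(candidates):
    """Distinct (year, month) pairs: the guess set for a month/year challenge."""
    return sorted({(d.year, d.month) for d in candidates})


def fits_guess_budget(candidates, budget=3):
    """True when the candidate set is small enough to exhaust within the attempt limit."""
    return len(candidates) <= budget


if __name__ == "__main__":
    dates = candidate_birthdays("wisdom", "oracle", "profound")
    print(len(dates), "possible birthdays:", [d.isoformat() for d in dates])
    print("month/year guesses needed:", len(month_year_candidates(dates)))
```

Running it reproduces the post's count: 8 candidate birthdays, collapsing to 2 month/year pairs, which fits inside a 3-attempt verification limit.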

Therefore, don’t play along. These memes reveal information you’d never reveal willingly to most folks. Yet because at first glance it seems harmless, we play along. Meanwhile, someone willing to work through the choices gains the information. The only way to protect yourself is not to play. 


1 Comment

  1. Jeff Mlakar
    Aug 13, 2017 @ 21:27:38

    Nice post. My first thought was "that looks appealing to the millennial generation. Totally harmless at first glance".

    Lately it seems a lot of customer service calls screen the caller by quizzing you on your birthdate as verification. Just that alone can enable someone to cold call and impersonate you.

