By REBECCA RUTHERFORD
Los Alamos
For the Los Alamos Daily Post
Let’s all share our mother’s maiden name and first brand of car! Why Those “Fun” Social Media Questions Can Put You at Risk…
Every few weeks, a new trend pops up on Facebook or Instagram that looks harmless. Someone posts a cute prompt asking for the name of your first school, your childhood pet, the street you grew up on, or your favorite teacher.
It feels nostalgic and fun. It also feels like an easy way to connect with old friends. Unfortunately, these posts are a goldmine for cybercriminals.
Many of the questions in these viral prompts match the exact security questions used to reset passwords. Attackers do not need to hack your computer to get into your accounts. They only need enough personal details to convince a system that they are you.
Information like your first school or the city where you were born can help them reset bank logins, shopping accounts, medical portals, or email. Once they get into one account, they can often pivot into others.
Social media meme. Courtesy image
Another problem is that these posts often spread your answers publicly. Even if you limit the visibility of your profile, your friends might comment or share the prompt, making the information easier to trace. Attackers also scrape social media for this data. It gets stored, sold, and used later, even if you delete the post.
Here’s a recent example I saw on Facebook in a popular NM Facebook group:
Example suspicious post. Courtesy image
As you can see, there were 141 comments on this, and not all of them were saying they wouldn’t share; many people were happily giving up their information. Yikes!
The group in question honestly seems pretty scammy and just reposts pictures of New Mexico and tries to sell junky products.
One of the admins is this profile:
Admin profile. Courtesy image
The good news is that you can enjoy social media without giving away the keys to your identity. Here are a few ways to stay safe:
Keep personal history off public posts. If the question is something you have ever used as a login recovery answer, skip it. Treat those old life details as sensitive information.
Do not reuse security questions. Many sites now let you create your own questions or type your own answers. You can even use phrases that are not real. For example, your “first school” could be “kitty cactus yak party.” The site will accept it, and no one can guess it.
Review your account recovery settings. Make sure your phone number and email backups are current. Remove old emails you no longer use. These outdated recovery paths can be easy ways for attackers to break in.
Be cautious with quizzes, personality tests, and “about me” chains. Some of them are designed to build large collections of personal data. If it asks for details about your childhood, pass.
Social media can be a fun way to stay connected with old friends. Just remember that once you post personal details, you cannot always control where they end up. Keeping that information private is one of the easiest ways to protect your accounts and your identity!
Editor’s note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.