Phishing emails filled with typos from Nigerian princes who promised millions of dollars tricked plenty of people in the past, but now these scams are a punchline. Scammers have had to step up their game to trick people, and they certainly have. Phishing emails are getting more sophisticated and targeting people with personal information the scammers find on social media.
There are 1.7 billion people on Facebook and a billion on Instagram, and almost 85% of them post something every week, and nearly half of them post something every day. Most of these posts are public and contain pieces of personal information. It could be the names of your kids, pets, or your favorite sports team, or your anniversary or birthday. Hackers know your password is pretty likely to include these bits of information, making it easier for them to break into your accounts.
Hackers can also use the information you’ve shared on social media for social engineering. Social engineering is when a scammer tricks you into believing something for fraudulent purposes. An example might be a call from a support technician telling you that your computer has a virus, and then they trick you into giving them access to the information on your machine or money to falsely fix the problem.
With oversharing on social media, scammers can take their tricks to the next level. With information from Facebook or Linkedin they likely have enough information to convince you that they are friends of your friends, or someone you work with. They’ll see if they can get you to provide even more information. When the Twitter accounts of celebrities like Elon Musk, Jeff Bezos, and Barack Obama were hacked, it turned out that the hacker may have used Linkedin to target individuals who worked for Twitter. The 17 year-old hacker simply called employees saying he was from the company’s tech support area and needed to check their computers remotely = and of course needed their password to do so. He knew the names of supervisors and co-workers and was able to convince several employees into telling him their passwords. With this information, he was able to hack into these famous Twitter accounts.
In addition to social engineering, phone calls and targeted phishing emails with personal information are also up at least 15% over the past year.
So what can you do to protect yourself and your information? You can start by just Googling your own name and seeing what comes up. Or, create a second social media account and check your profile to see what a stranger can see. If the amount of information you see makes you uncomfortable, you can change your privacy settings.
Next, don’t use personal information and passwords hackers know you probably use, such as a name or a date that’s important to you. A lot of Facebook quizzes or list memes are designed to get you to overshare information about yourself. It’s not a coincidence that they try and get you to answer questions that are the same types of security questions you get when you need to reset
Be skeptical of any phone call or email from anyone that you don’t know directly, even if they have some pieces of information about you. Don’t give them any information. Try a different channel to contact the friend co-worker or trusted source directly to check the information the potential scammer might be giving you.
Scam emails and phone calls are not as obvious as they used to be either, but know what information about yourself might be available on social media and look for hints that they might be
trying to use your personal information against you. Share this information with friends and relatives to help them avoid becoming a victim as well – since it could end up impacting you as a connection on social media.