We have all seen these types of posts on Facebook before.

Find your ##### name. Add your first pet’s name to your mother’s maiden name. Post your ##### name in the comments and forward to all and invite friends to find out theirs.

This seems very harmless to most; however, this is the first stage of social engineering. "What’s that?" I hear you ask. Well, this is the process of finding out personal details about you that will help someone gain illegal access to your personal data.

If this is a revelation to you, then I would advise reading on. These types of posts are monitored by keywords so that the answers can be pulled back from any replies. If you reply to a message from someone who has their profile publicly viewable, your answers become viewable also. This allows anyone to filter on this content, which will return your name and 2 pieces of your generic security details.

From these small pieces of data you are potentially exposed. Hackers will save this information and try to track you through your other social media content on public spaces like Instagram and LinkedIn. They use these services to build a profile and review areas that can be exposed.

So how do they target the masses with these information-gathering exercises? Well, it starts by setting up a fictitious Facebook account, then adding themselves to groups with a high volume of users (fan sites, for example). Then the posts start with something engaging like "What's your favourite album?" or something specific to the group. This is used to test which Facebook users are active and most likely to engage. Anyone who either answers or forwards then gets added to a hacker's warm list. These are the people most likely to help propagate their security information-gathering posts. So each one is checked to see if they have a public open profile, and the engineering begins. These are now moved to the Hot list for future targeted distribution.



If it sounds like you are one of these prime Hot List targets, then be aware that everyone who replies to your posts is now automatically a potential warm list user for the next wave of targeting.

Then the posts will start with:

What’s your favourite film?

What was the number 1 on the day you were born? (date of birth not exact but can help)

What was your first street name?

And so on. When enough information about a person has been collected, that person is selected for advanced targeting. We will not explain how these actions can be done, as this would be irresponsible.
I hope that, as a minimum, this has highlighted why these posts exist and why they should not be forwarded or replied to.
In addition to this, there are other advisory points we would like to share.

Run mapping and distribution – Be careful, as most people start from home. Do you want everyone to know where you live?

Going on holiday – Posting pictures of your holiday is all very good; however, you are also highlighting that you are away. If your address is plain to see from using the above methods, then you are raising the risk of unwanted visits. Our advice: put them up when you get home.



The biggest words of warning are: think before you post personal details.