OK I’ll Play! 10 Concerts I’ve Been To and 1 Will Tell You My Password
My friend Jefferson Graham of USATODAY asked me to comment on a story he was writing on Facebook’s latest meme, “10 concerts.” Here are my unedited thoughts I shared with him…
Here’s a list of 10 concerts I have been to, 1 is a lie. Can you guess which one?
LOL. But in reality, someone really does care…the person ready to hack your life.
Facebook memes can be entertaining and annoying at the same time. Ice Bucket Challenge, anyone? Some people loved it. Some people hated it. But what it did do was raise money and awareness for the ALS Association. Recently, whenever a post started with “10 concerts I’ve been to, one is a lie,” Facebookers either gleefully played along or collectively eye-rolled. In essence, it could simply be a fun, low-investment way to get to know your network and stimulate conversations. But, in some cases, memes can be deceptively dangerous. In this case, something as simple as “What was the first concert you went to?” can lead to compromise through human hacking.
While it’s true that not every service asks about concerts as a security question, the greater threat lies in “social engineering.” Social engineering is the art of manipulating people out of confidential information, aka secrets. Hackers use this technique to convert secrets into access. In this case, asking about bands could be a quasi-phishing scam. For example, nine bands can tell a hacker quite a bit about an individual. When live shows are added to other information from a user’s profile, hackers can then approximate age, interests, religion, etc., to gain access to everything from your password to your financial information and more. Just Google “Facebook social engineering,” and you’ll see the extent to which even the most amateur hackers share insights about this. The same is true of the quizzes that are incessantly coming and going from feeds. They’re designed, for better or worse, to reveal more of ourselves than we already do. Those insights feed an insatiable hacker’s appetite.
If we learned anything from the fake news fiasco on Facebook, it’s that the company is slow to respond to the damaging network effects of misinformation or, as with the latest nine bands meme, too much information.
I unfortunately have to credit those who intend to mislead users and frown upon the rest of us who continually fall for phishing schemes, fake news or other misadventures that compromise the Facebook experience. While it’s unproven as a security threat, it is a necessary reminder that users have to be a bit more guarded in social networks where personal information is rampant and can be used against them in something as simple as a password reminder or reset.
The onus is always on the user to protect the very essence of what’s behind their online persona…their real-world identity and all it represents. It’s easy to fall into social engineering traps. They are, after all, designed to evoke human engagement. But therein lies the trap. Secrets were meant to protect us when it comes to online security. And as we’ve heard time and time again, “loose lips sink ships.” Secrets are not so secret when they’re littered explicitly and implicitly in our social media posts.
What’s your mother’s maiden name?
What’s your favorite color?
What street did you grow up on?
Bologna Flying Saucer Sandwiches Ave.
What’s your favorite type of music?
New England Clam Chowder
As former Intel CEO Andy Grove once said, “only the paranoid survive.” I’m not trying to be a killjoy here. By all means, have fun! Communicate. Network. That’s social media! Just protect yourself. Otherwise, who will?
Don’t close your accounts by any means. But always think before posting. There are, sadly, sinister beings who thrive only at the expense of our personal breaches and the damage and pain they cause.
Brian Solis is principal analyst and futurist at Altimeter, a Prophet company, world renowned keynote speaker, and 7x best-selling author. His latest book, X: Where Business Meets Design, explores the future of brand and customer engagement through experience design.