If you’ve ever scrolled through Facebook, you’ll immediately understand what this blog is about. I see posts all the time that read something like this: “The name of your third grade teacher and the street you grew up on is your new gamer name”. Or you’ll see a picture of a fluffy, wide-eyed puppy that reads “Name him after your favorite author”. There are tens of thousands of comments under these posts, answering the prompt. Don’t get me wrong, they can be pretty funny sometimes. But, these posts aren’t always innocent fun.
Let’s talk about social engineering. Social engineering, in the context of information security, refers to deceptive manipulation of individuals that results in the target divulging personal information, which is often used to commit fraud. To put it simply, someone is tricking you into giving away sensitive information so that they can use it illegally.
In the Facebook post example, you’re giving away information like your third grade teacher’s name, your favorite author, the street you grew up on, the make and model of your first car, your childhood pet’s name, or the mascot of your high school. You might recognize these as common security questions for accounts such as your bank account, email, or social media accounts.
So, while it might be funny to name a cute puppy after your grumpy third grade teacher, don’t post. Don’t let a good laugh, a cute puppy, or following the crowd cause you to give away sensitive information. You never know who is posting these prompts, what their intentions are, or what they are doing with your comment. When it comes to your personal information, it’s always better to err on the side of caution.