You may have seen the social media trend of posting a list of 10 concerts where 1 of them is a lie. The idea is that your friends will look over the list and guess which one of the concerts you didn’t really attend. On the surface it appears to be a harmless attempt at some entertainment, but, according to a CBSNews report, it could be THE WORST MISTAKE OF YOUR LIFE!!!
[insert commercial break cliffhanger riff]
Let me start this rant out by first saying that identity theft, hacking and phishing attempts are all very real threats in today’s world. I am in no way minimizing the risk of being frivolous with your personal information. With that said, though, I feel like news reports like the one above are taking a real danger and marginalizing it by seeing the boogeyman everywhere you look.
The first sign to take notice of in these articles is when they trot out a “cyber security expert”. It’s the equivalent of asking a car salesman at a dealership their objective opinion on whether it’s worth it to trade up to the latest model of car. Cyber security experts make their money on the fears of their audience with respect to how hazardous the internet security monsters truly are to them. They don’t really want hackers to lose all the time, because if your data was safe, then the experts would be out of a job.
“The first thing that came to mind was a phishing attack where they could see your preferences and probably glean some demographics info from your band preference and send an email that says something like free tickets to whatever band you said you liked,” Ingemi explained. “You click on it and then you’ve downloaded malware or a virus and they have access to your network.”
The CBS News writer then hammers home the point with: “Hackers could then get into your account by resetting your password.”
I would like to point out that within three quick sentences, they just went from harvesting band preference data to resetting your password and taking control of your account. That is some CSI level, made for TV, hacking abilities! Never mind the fact that your entire Facebook page contains your preferences. The entire idea behind a Facebook like or follow is to refine your newsfeed to the things you are interested in. If all hackers needed to steal your account was whether you were a Lakers fan, a Patriots fan or a Yankees fan, then they don’t need a post from you to do it. All of that information is freely available, if public, on your Facebook profile by pages you like or follow.
“When you forget your password to various things, one of the [security] questions is what was the first concert you ever attended,” Ingemi said. “Well, if you have that list you could do some reverse engineering to figure out what might have been the first concert.”
So, if by some slim chance on one of your accounts you picked a security question option that asks what your first concert was and you played the concert game with your friends on Facebook, then hackers have a 1 in 9 chance of “reverse engineering” (Wow, that sounds technical) a single security question on that account. Forget the fact that there will be other security questions, usually 2 factor authentication through a code, and you will also be alerted to all failed attempts.
Let’s be honest here for a minute. There is no chance of a list of concerts you may or may not have attended being posted on Facebook is ever going to play a part in your identity being stolen or accounts being hacked. A person could gain more pertinent and detailed information from a decently worded Google search than they would ever get from a list of 10 concerts. I know that, you know that, and CBS News knows that. What CBS News also knows is that alarmist headlines involving social media trends and hackers makes for great click bait. It also makes their older clientele strap on their tin foil hats and tune into the nightly news programs to find out how those evil Russian hackers know everything from their shoe size to their preference in deodorant.
“If you want to participate and you’re concerned about the security risks, Ingemi recommends setting your privacy settings to “Friends Only,” preventing strangers — and potential hackers — from accessing that valuable information.”
I am glad that CBS News finished the article with the first useful piece of information of the entire piece. If you plan on sharing personal information (agree or disagree with whether concert attendance falls in this category), make sure your privacy settings are set accordingly. You wouldn’t want ex-girlfriends stalking your page to know you ate Chinese last night.
I’m all for informing people about the potential risks of doing stupid stuff with personal information on the internet. The problem arises when you continue to produce hysterical laden articles sourced by cyber security experts on a regular basis; you start to sound like the boy who cried wolf. You either delegitimize the seriousness of the real issue or you make people so paranoid they fear doing anything on the wicked internet. Neither of those are really that helpful to the people that need the internet to function on a daily basis and don’t want to have their private information targeted. So, please feel free to keep sharing the concerts you’ve attended and quit clicking on CBS News articles. You never know, it could be a link for adware…