As the Safer At Home order continues, people are turning to social media for entertainment. Some posts currently circulating contain fun “get to know your friends” questions that ask questions such as “Who was your favorite teacher?” and “What model was your first car?”. Though seemingly harmless fun, these posts can actually act as a gateway to cybercrime and sensitive information.
“When registering for online access to many different websites, like financial accounts, you may be asked to provide answers to security questions as a form of multi-factor authentication,” said David Murphy, VP of Finance & Risk at MMCCU. “The premise is if a fraudster steals your password, they may have difficulty accessing your account because of the additional speed bump that is the security question. Questions may range from your first car to favorite food to mother’s maiden name.”
By answering these inherently innocent questions through social media quizzes, participants are actually exposing themselves to liability by providing the answers to important security questions. Cyber criminals can use this information not only to hack current accounts, but to create imitation social media accounts that cause even further harm.
“When you play these games and share this information through social media, you are providing the fraudsters access to this sensitive information that may be the missing link for them to access your financial accounts,” said Murphy. “A harmless post about your favorite vacation may be fun to share with your friends, but without the proper privacy settings on social media, this information can be accessed by anyone who views your information.”
Murphy warned that, ultimately, this information can be used to unlock access to more sensitive financial information.
“If the financial company allows you to initiate transfers out of your accounts or payments to third parties, fraudsters could steal your money before it’s too late,” he said.
The same caution should be applied to photos posted. Photos that contain addresses or other identifiable information can be maliciously used.