Using social media gives criminals a real insight
AFTER less than 10 minutes looking online, Gerry Grant knew more about me than I was entirely comfortable with, writes KATRINA TWEEDIE.
Fortunately, Gerry is an “ethical hacker” not a malicious scammer, and he advises companies and individuals on the steps to take to stay safe online.
Like many people nowadays, I’m often on social media platforms such as Facebook, Twitter, LinkedIn, Instagram and some others that are less common, like Strava, used to share any cycling or jogging routes.
Not that anyone would be interested, I always think. How wrong could I be.
These sites can often be an open door to unscrupulous scammers who could harvest my personal data and build up a profile of my life, my friends, family, and hobbies.
They could then use this to manipulate a way into my life and, ultimately, target my cash.
My privacy settings are robust but, from my social media profiles alone, Gerry can see where I work, where I studied, my age and favourite holiday locations. He knows I have at least one son and one sister and that I like jogging.
“I could use this information to assist the process of becoming your friend,” says Gerry.
“Scammers can use social engineering to do a footprint on you to find out all that they can before using that information against you.
“They may send you a friend request and our automatic reaction is to accept rather than question who that person is and whether you want to be friends.”
Worryingly, when I look through Facebook I’ve a few “friends” who I don’t seem to know.
Gerry, from the Scottish Business Resilience Centre, continues: “I might find out which pub you go to then meet you, striking up a conversation about your favourite football team or favourite film and, all of a sudden, because I share the same interests, you are more likely to trust me.
“I may find out what train you take in the morning and I might drop a USB stick into your handbag, which may contain some malicious software that, when you plug it into your computer, downloads a virus.”
Gerry asks if I’ve ever played the social media game to find your “Superhero Name” using your mother’s maiden name and the colour of your pants, for example.
“What you’ve actually done is give me the answer to the most common security question – your mother’s maiden name. I could call the bank and pretend to be you.”
Gerry advises: “Think about what you post, the info you are sharing and, most importantly, who you are sharing that with.”