31 May 2021

Staying safe on social media

First of all, let's get one thing out of the way. It's a major thing that you always need to bear in mind when participating in social media in order to enjoy it safely. Your own safety is not the only thing that depends on this, that of your friends and family does, too.

Social media is not a safe haven.

There. I said it.

Social media is open to anyone, not just the "good guys" like you and your friends. The "bad guys" are also out there and they gradually glean snippets of information from you and others that help them build up a profile allowing them to impersonate you, take over your social media account or even perpetrate identity theft. Any of the above can ruin your reputation and your credit rating and get you into trouble with the law if a crime is committed using your identity.

That is, unless you deprive the bad guys of this information... Don't even feed them misinformation either because they can detect patterns in that, which do give away real information. Just don't give them anything.

Paranoid? Moi?.......

A systems administrator friend of mine always used to say: "Don't ask yourself if you're paranoid. Rather ask yourself if you're paranoid enough."

Profile info

Photo ID

What does anyone need to forge, for example, a driving license that looks convincing even if the info on it is completely bogus? Your photo for starters. Make sure that no photo of you that could be used on any form of photo ID makes it to social media.

Date of birth

What's the first thing that your GP's surgery, for example, asks you to confirm your identity when you call? Your date of birth. You may wonder what anyone would gain from being able to discuss your medical history with your surgery. Probably not a lot before the staff get suspicious, terminate the call and ring you up, but possibly enough to help build a profile on you. Not to mention the simple violation of your privacy.

Don't let your date of birth, even just the date without the year, be seen by anyone. Not even by your friends.

Friends list

This is another thing that must remain private, visible to you alone.

What happens if one of your friends has their social media account compromised and your friends list is open? Whoever broke into your friend's account has instant access to a list of further potential targets. Concealing your friends list helps protect those who are on it. You know, your friends... They'll thank you for it (or they should!).

If your date of birth is visible to friends and if you have a suitable profile photo, the miscreant also has immediate access to enough data to make false photo ID of you by breaking into someone else's account.

Social engineering

Social engineering is the art of coaxing personal information out of people without making it look like that's exactly what you're doing.

Classic examples of this are:

"What song was number one on your 14th birthday?"

Answering this one won't give away your exact date of birth, but it will narrow it down enough for responses to a few similar "fun" questions to pinpoint it exactly.

Even that may not be necessary if your birthday is visible.

"Your elf name is..."

...followed by lists of names to choose from using, for example, the date you were born and the first letter of your mother's maiden name.

You may think that giving away just the date you were born (without the month or the year) is innocent enough. The trouble is, a few days ago you also gave away the approximate date of your 14th birthday. This piece of information could well be just enough to reconstruct your date of birth accurately.

"Without naming the place, what is the city where you were born famous for?"

The "Without naming the place" bit is designed you give you a false feeling of security. However, by describing something that your birthplace is famous for, you are as good as naming it anyway.

Full name? Check.
Date of birth? Check.
Place of birth? Check.

You can probably guess where this is going. Fraudsters have no need whatsoever for you to divulge everything they need in one go. They watch your responses to multiple social engineering examples and slowly piece your profile together.

"If you married your husband/wife where you met them, where would your wedding have been?"

This is the exact same question as "Where did you meet your spouse?"

Now look at this selection of security questions used to protect an on-line account:

Time to lock down the personal info visible in your social media profile and to re-evaluate what you consider "fun"...