You'll be surprised how dodgy Facebook apps can be ...
Posted by Pritesh Ganatra on 14/05/2021 @ 8:00AM
Imagine you are scrolling through Facebook and your friend has posted a quiz that asks for personal details such as your birthday or star sign for the app to determine your personality traits. That's social engineering at work ...
Social engineering is a stealthy way to gain your credentials!
Having read your friend's results you think it is pretty accurate. So, you decide to click the link to see what your personality is according to the details you type in. After all, what harm can it do? It's only a simple quiz and it's not like you are entering a whole bunch of personal or sensitive data.
"Or are you?"
In a very brief discussion this week, after a lapse of concentration, I clicked on a social media game, where I had to choose an animal, based on my birth year. Each animal had 4 or 5 random years assigned to it and when inside the game, the button became live.
Once the personality statement came up, the game asked me to share my personalised results in my social media feed. This is one thing I never do as it would share a live link for someone else to follow.
In this instance, I did find the answer fascinating so I took a screenshot (so no live link was posted/shared), but it did show the selection of birth years under the Rooster (symbolic of four or five different birth years).
A concerned friend, who also happens to be a top network infrastructure and IT security specialist, reached out and told me that by entering the game and choosing the Rooster symbol, cybercriminals had been able to narrow down the possibilities of which year I was born.
"It's a stealthy way to gain your credentials!"
This is one aspect of social engineering that I had not considered in much depth before. I have seen many of these games, all similar, but slightly different, and it never occurred to me that all the games may be devised by the same person, each time asking for slightly different personal information, collating all the pieces like a jigsaw puzzle, eventually gaining enough information to guess your passwords and account login details.
I regularly write about blatant cyberattacks; systems being hacked through connected equipment or phishing emails, but never looked at games and quizzes as a threat. Doing some quick research from bona fide academic studies and industry white papers put a new light on the different manipulative methods of gaining trust and information ... all because our curiosity gets the better of us.
Playing multiplayer online video games and receiving a friend request or private message from someone claiming that they will help you win the game is a way of getting you to potentially download an app that then installs malware into your systems.
"This is the very definition of Social Engineering!"
I am not a gamer and have never really seen their appeal, but this method of cyberattack is not the norm in the business-to-business world. It was a chance comment from a trusted friend that led me to today's blog topic.
Could your bank balance survive willingly clicking a link to a harmless-looking game?
Until next time ...