Most of us have at least one social media account, if not more. Social media is all about sharing. Without thinking about it, we share information about ourselves that does not seem to be sensitive. Our profiles might list our birthday, job title, education, likes and dislikes, summer vacation plans, contact information, or publicly visible pictures, as we naturally want to share these with our friends and families.
Why did we make a challenge about social media?
We rarely ever think that our social media profiles could be gold mines for identity thieves and other attackers. The personal information shared on social media could help them create targeted attacks to gain access to our financial accounts, credit records, or other sensitive information.
If our information is public on social media, scammers can collect bits of information and use it in their attacks. They could send you or your friend an email containing information you’d think no one else knows. They could also try to exploit a business, using information that you shared to make their attacks, such as phishing emails, look legitimate.
Social engineers use our public information in campaigns to generate trust and credibility
It’s easy to trust someone, whether it’s a person or a service, that provides accurate details about us, especially when we forget that some of this information is shared publicly.
As an example, imagine that you are about to travel by air today. If the airline you are flying with sent you an email with your flight number, would you question its legitimacy? Or would you instantly remember that you had just shared a photo of your boarding pass on your Facebook page, and that someone could use it against you?
Criminals can use our information in a variety of ways. We could get phishing emails, text messages, pop-up messages, or even phone calls. All of these could seem legitimate, as if they were coming from an authority such as a bank, a government agency, an online seller, or another organization you do business with. Attackers will almost always try to lure you into clicking on a website link, updating your account information, or claiming a prize or a benefit.
Hoxhunt Social Media Challenge: Learn to think like a hacker
To teach people safe social media habits, Hoxhunt decided to put the players in the actual hackers' shoes. It sounds exciting, doesn't it?
The players go on a "phishing trip" and gather sensitive information from six different social media profiles and their posts in the challenge.
We encourage the players to find the most sensitive information on each social media profile that the attackers could exploit. These are all sensitive details we should never share publicly!
When the players collect the correct bits of information, they take on the role of a real hacker, and they are ready to create and execute a malicious action, such as sending a targeted phishing email or impersonating a trusted business.
Be cautious of what you share publicly! Here are the key learning points:
Is the information you are about to share with your social network something that people absolutely need to know about you?
Always think twice before sharing, and consider what information the post includes.
Be cautious about how much personal information you provide on social networking sites. The more information you post, the easier it could be for a hacker or someone else to use that information to steal your identity, access your data, or commit other crimes such as stalking.
Never share the following details publicly:
- Personal information: ID cards, social security numbers, credit details.
- Sensitive information from your work: non-public projects, photos of work devices (phone, laptop), whiteboards or screens displaying information.
- Detailed information about your plans: photos of boarding passes or travel tickets, location, activities.
Adjust the security and privacy settings
- Learn about and use the privacy and security settings on social networks. They are there to help you control who sees what you post and manage your online experience positively.
- Enable two-factor authentication (TFA), the two-step verification in which the user of a social media account needs to provide additional information along with their username and password.
The Social Media challenge is only available in the refreshed Hoxhunt user interface
Please note that the new social media challenge is only enabled in the “Refreshed Hoxhunt User Interface”.
If you are not yet using the new user interface, please reach out to your customer success manager for more information.