Most of us have at least one social media account – if not more. Social media is all about sharing. On social media, we share information about ourselves that does not seem to be sensitive without thinking about it. Our profiles might list our birthday, job title, education, likes and dislikes, summer vacation plans, contact information, or pictures visible publicly– as we naturally want to share these with our friends and families.
We rarely ever think that our social media profiles could be gold mines for identity thieves and other attackers. The personal information shared on social media could help them create targeted attacks to gain access to our financial accounts, credit records, or other sensitive information.
If our information is public on social media, scammers can collect bits of information and utilize it for their attacks. They could send you or your friend an email containing the information you’d think no one else knows. They could also try to exploit a business using information that you shared to make their attacks such as phishing emails look legitimate.
It’s easy to trust someone, whether it’s a person or a service, that provides accurate details about us, especially when we forget that some of this information is shared publicly.
Just as an example, imagine that you are about to travel by air today. If the airline you are flying with would send you an email with your flight number, would you question its legitimacy? Or would you instantly remember that you had just shared a photo of your boarding pass on your Facebook page, and someone could use it against you?
Criminals can use our information in a variety of ways. We could get phishing emails, text messages, pop-up messages, or even phone calls. All these could seem legitimate like these would be coming from an authority, like a bank, a government agency, an online seller, or another organization you do business with. Attackers will almost always try to lure you into clicking on a website link, updating your account information, or claiming a prize or a benefit.
To teach people safe social media habits, Hoxhunt decided to put the players in the actual hackers' shoes. It sounds exciting, doesn't it?
The players go on a "phishing trip" and gather sensitive information from social media profiles and posts from six different social media profiles in the challenge.
We encourage the players to find the most sensitive information on each social media profile that the attackers could exploit. These are all sensitive details we should never share publicly!
When the players collect the correct bits of information, they take on the role of a real hacker, and they are ready to create and execute a malicious action, such as sending a targeted phishing email or impersonating a trusted business.
Is the information you are about to share with your social network something that people absolutely need to know about you?
Be cautious about how much personal information you provide on social networking sites. The more information you post, the easier it could be for a hacker or someone else to use that information to steal your identity, access your data, or commit other crimes such as stalking.
Please note that the new social media challenge is only enabled in the “Refreshed Hoxhunt User Interface”.
If you are yet not using the new user interface, please reach out to your customer success manager for more information.