Facebook '10 concerts' quiz: is it a scam?

Rights, Scams and Politics

20 May 2017 | 2 Comments

Shared information about what concerts you've been to on your Facebook page? You could be revealing key security information to scammers.

If you’ve been on Facebook recently, there’s a pretty good chance that you’ll have been confronted with list after list posted by your friends about the concerts they've been to.

The latest game involves sharing a list of 10 concerts that you have attended, with one false one hidden in there, and then invite your friends to see if they can correctly identify the false entry.

It seems like harmless fun, but there have been a number of warnings that what seems innocent enough could pose a real security risk.

Social engineering

We all need to be much more careful about what we share online, as scammers could be watching.

According to security expert Brian Solis, principal analyst at Altimeter, these sorts of quizzes are essentially social engineering - a technique to get you to drop your guard and share information about yourself that you would normally keep close to your chest.

Writing on LinkedIn, Solis said: “Hackers use this technique to convert secrets into access. In this case, asking about bands could be a quasi-phishing scam.

“For example, nine bands can tell a hacker quite a bit about an individual. When live shows are added to other information from a user’s profile, hackers can then approximate age, interests, religion, etc., to gain access to everything from your password to your financial information and more.”

Many of us are wise to the first generation of online scams, the phishing emails that claim to be from your bank but are clearly anything but. Yet when it comes to social media, we are a little too eager to bare our souls, giving away a glut of personal information that could easily be turned into cash by a sophisticated scammer.

Lisa Hardstaff, credit information expert at Equifax, told loveMONEY that social media provides a platform to openly share an abundance of private information for everyone to see.

She added: “It might seem innocent at the time, but people can easily reveal their age, birthdate, address, pet names or even family details such as their mother’s maiden name – all things that could be used for security questions or passwords.”

Takeover frauds

Hackers look to harvest information about you. When they learn facts and figures about you they can then use to take over your accounts, and even open new lines of credit in your name. By handing this info out freely on social media, you're making their lives that much easier.

According to fraud experts Cifas, facility takeover fraud cases – essentially when a scammer takes over your account by posing as you – rocketed by 45% last year, from 15,497 to 22,525.

As Cifas chief executive Simon Dukes said: “Using old-fashioned but highly-effective con artistry, they are tricking individuals into giving away their personal details and deceiving call centre staff into making transactions on their victims’ accounts. The proliferation of personal data that is available either online or through data breaches only makes this easier.”

Protecting yourself online

One obvious mistake that many are making with social media is failing to make use of the privacy settings. According to Equifax’s research, a quarter of young people use privacy settings on some sites but not others, while plenty of people don’t even know about them at all.

Hardstaff said: “The privacy setting of ‘everyone’ provides perfect strangers with the opportunity to view the information that an individual puts on social media. Things like photographs and conversations with friends can leave an individual at risk of inadvertently providing personal information about themselves or the family that would be useful for fraudsters.”

Here are some simple steps to follow online to protect yourself:

  • Always use privacy settings — make sure only people that you know and trust can see your posts;
  • Think carefully when picking password reset questions and answers — is that information easy to find on your social media profile?;
  • Use different passwords for each account;
  • Try to avoid keeping your passwords written down, and never store them on a web document;
  • Don’t ever tell someone else your password or PIN;
  • Think carefully before sharing a photo or a quiz;
  • Ensure your computer has up-to-date anti-virus and security software installed, which will protect it from malware and viruses which could also try to steal your identity.

Check your credit report for anything suspicious. Sign up for a free 30-day trial now.  

Protect yourself from crafty scams:

Latest bank scam that gives crooks acess to YOUR cash

Scammers making big money from empty homes

HSBC scam warning: how to stay safe

Broken phone could be sign of a scam

Comments

Be the first to comment

Do you want to comment on this article? You need to be signed in for this feature

Copyright © lovemoney.com All rights reserved.

 

loveMONEY.com Financial Services Limited is authorised and regulated by the Financial Conduct Authority (FCA) with Firm Reference Number (FRN): 479153.

loveMONEY.com is a company registered in England & Wales (Company Number: 7406028) with its registered address at First Floor Ridgeland House, 15 Carfax, Horsham, West Sussex, RH12 1DY, United Kingdom. loveMONEY.com Limited operates under the trading name of loveMONEY.com Financial Services Limited. We operate as a credit broker for consumer credit and do not lend directly. Our company maintains relationships with various affiliates and lenders, which we may promote within our editorial content in emails and on featured partner pages through affiliate links. Please note, that we may receive commission payments from some of the product and service providers featured on our website. In line with Consumer Duty regulations, we assess our partners to ensure they offer fair value, are transparent, and cater to the needs of all customers, including vulnerable groups. We continuously review our practices to ensure compliance with these standards. While we make every effort to ensure the accuracy and currency of our editorial content, users should independently verify information with their chosen product or service provider. This can be done by reviewing the product landing page information and the terms and conditions associated with the product. If you are uncertain whether a product is suitable, we strongly recommend seeking advice from a regulated independent financial advisor before applying for the products.