It’s easy to reveal more about yourself online than you realise – and that could help scammers and hackers.
This week a couple of blogging friends shared one of those little games that are so popular on Facebook. This one used your answers to tell you “Who you are”. The month you were born decided the first part of the answer, and the second part depended on which four-day date range your birthday fell into. So someone born between 12th and 15th of February would be a “Short Princess”, whereas 24th to 27th June would be a “Giant Unicorn”. Then you’re asked to post your answer in the comments below the picture.
Harmless fun right? Well, maybe not.
What those answers really reveal
Think about the information the quiz asks for.
By reading the comments posted for this game, I can work out the poster’s birthday within four days.
Ok, you might be thinking “What can they with just part of my birthday?”. Maybe nothing. But think about when you’ve had to go through security on the phone and date of birth has been one of the questions – particularly when asked for a four-digit memorable code.
People are rightly concerned when this kind of personal data is stolen in hacks like the ones on TalkTalk, Uber and Equifax, but they’re happy to share similar information when it’s presented as a bit of fun.
And this is done is in huge numbers. At the time of writing the game I mentioned above had 39,000 comments – and that’s just on one Facebook page. There will be many, many more comments on threads where people have shared the image.
This isn’t the first time I’ve seen this kind of data harvesting. When Facebook first started a popular one was to find your “pornstar name”. There were a few versions of this but the most common one was first pet’s name followed by mother’s maiden name. Oh, how we all laughed. Go on, do it now. It’s either very funny or incredibly dull (which is also funny). But don’t share it. Because, surprise surprise, do that and you’ve given away two key security questions.
Giving away access (and your data) to games and apps
You could also be giving away more information than you realise when you add extras to your Facebook account. By giving permission to apps, games and permissions you need to agree to what you share.
Some will just want your name and email address. But others will want your friends list, birthday and location.
The risk here is the game has only been created to get your data. And once you’ve given permission for Facebook to share it, those scammers can use the info against you or sell it to others.
The personal information we’re not even tricked into revealing
Social media was named as such because it’s about being social. And that means we’re likely to celebrate and share the things we love. Favourite bands and sports teams, pet names, family connections, anniversaries – even where we went to school. You might even proudly display your full date of birth including the year.
Do these all sound familiar? Yup, they’re all common security questions.
As well as using the information you share to try to bypass security on your accounts, it could be used against you in other ways.
Often small parts of data can be merged with data found elsewhere to build up a bigger profile of you and your information. There could even be enough out there for people to steal your identity.
So how can you minimise this happening?
Well the first thing to do is make sure your social media accounts are locked down. Limit your Facebook page just to people you actually know, and then go through removing the obvious security risks such as your date of birth. You can remove your birthday on Twitter too.
Then just be careful about the games and quizzes you take part in. If any part of the question appears to reveal personal data, don’t take part. And only give access to any of your account data to brands you trust. On Facebook you can check which apps you’ve given access to.
Other ways oversharing could affect you
I’ve written about how I never reveal on social media if I’m on holiday or away from my house if there’s no one at home. The danger is you’re effectively advertising to thief’s that there’s an empty home ripe for a break in.
It has also been known for employers and recruiters to check social media accounts of prospective employees. Anything dodgy and there’s little chance you’ll get the job.
And sometimes old tweets and posts can come back to haunt you. It seems every month or so a footballer, politician or celebrity has to apologise for something they said online. To be fair most of these examples tend to be racist, homophobic or misogynistic and I’ve few issues with those people being exposed. But you might want to audit your accounts for anything you regret typing, and deleting as appropriate.
Facebook hacking checklist: how to protect your data