If you’re active on social media, it’s likely that you’ve seen or even participated in some seemingly innocuous quizzes, games, or surveys that encourage people to share some fun information with others. While these seem like an innocent way to spark conversations with your friends and followers, they may be part of a social engineering scam attempt. Participating in these plentiful internet time-wasters can pose a big security risk.
For example, maybe you’ve seen an image on your timeline of a gear knob and some text asking the question, “What vehicle did you learn to drive stick shift on?” As fun as it would be to comment about the 1996 Ford Ranger you learned on and compare answers with your friends and family, you may be inadvertently giving away answers to common security questions. When logging into your online or mobile banking, you may need to answer some questions to verify your identity. A common verification step is to confirm the make and model of your first vehicle. What are the odds that you learned to drive stick on your first vehicle? They’re probably pretty good odds, right? The fun post may be a subtle way for scammers to obtain your answer.
What was the name of your first pet? What is the name of the road you grew up on? These questions probably look familiar. Again, these are questions you may be asked in order to be granted access to your accounts. With that said, what happens when you see a fun post asking you to determine your witness protection name by combining some personal information? For example, “first name = pet’s name / last name = street name.” While it may be fun and silly to learn that your witness protection name would be Max Hardscrabble, you would be giving away the answers to two security questions.
How can you protect yourself from these data-harvesting schemes?
Don’t Participate
Perhaps the most simple and obvious way to protect yourself from these scam attempts is to not participate. If you see a potential data-harvesting quiz, game, or survey, block the post. Before you do, however, look to see if any of your friends or family have participated. If they have, send them a message to let them know of the potential risk.
Enable Two-Factor Authentication
If you think you may have overshared in the past, all hope is not lost. Consider enabling two-factor authentication on all of your accounts. With two-factor authentication, an account can only be accessed after entering the username and password and then completing another prompt, such as entering a code you receive via text or email, or scanning a fingerprint. Without access to that second factor, a fraudster can’t access your accounts.
Change Your Security Questions
There is no rule that the answers to your security questions have to be truthful. Even if you’re not participating in data-harvesting schemes, fraudsters may still be able to find out personal information about you. For example, someone could get your mother’s maiden name or the street you grew up on from an old census. You can make up answers to the questions, as long as you can remember them or store them in a secured password manager. The street you grew up on could be “Sesame Street” or the “Yellow Brick Road.” Your mother’s maiden name could be “Ice Cream.” Who would ever guess that your first pet’s name was “5%jM#$(9RKz@21”? There is no mandate that you’re honest, so set a random answer to add an extra layer of security.
If you have questions about preventing identity theft or if you’re looking for a way to increase security on your financial accounts, give us a call at 1-800-427-1223.