The ramblings of a giant squid…

Internet and Computer Security for Home Users During Lockdown (well, any time really) – Part 3

Crime, Current Events, Friends-Romans-Countrymen, Rules, Security, Technology

It’s just a harmless little distraction. Here’s my answer to these neat little questions. If you love me you’ll copy and paste this to your status with your answers and tag 2397 to play too.

How Well Do You Know Me?

  • Favourite Colour: chartreuse
  • First school: Dagobah Primary
  • First Pet: nematode
  • Name of First Pet: Nemo
  • Yadda Yadda: Yadda

Unless you live without social media (particularly Facebook in that example), you will have seen these little questionnaires and although I normally wouldn’t do this, I’m going to jump most of the way to the end before I really begin: Never answer those, or if you do, answer only false and misleading information. Do not cut and paste them. And never, ever click a link to one of them.

It was important to get that out of the way right up front.

There really is a major issue with those that applies to absolutely every person – young, old, computer nerd, supercool executive, whatever you think of yourself. That issue has two prongs, and neither are very nice.

The most straightforward issue is that many of the online services we all use ask us to submit the answers to “security questions.” These questions are used to authenticate you in the event that you get locked out of your account. The questions are supposed to be a secret known only to you and the service. In fact, the use of questions as a method to ensure the person saying they are you is, in fact, you, requires that the answers be known to you and you alone.

Those four items in that example are all examples of security questions that I’ve seen, and in these little text games, I’ve seen a whole lot more. With that information, any random person could take over your account. That’s annoying if it’s your Gmail account. It’s terrifying if it’s your bank account.

Anything you write on social media is going to end up in the hands of people you never expected. That’s a fact of the internet. These questionnaire games are what I call “victim participation” events… where the potential victims give the bad guys all the tools they need to commit the crime.

That is a good segue into the more esoteric issue: social engineering in general. You see, someone might take that info and use it right away to get into your Gmail, and maybe change your password, send a bit of spam and then leave you to clean up the mess. That happens.

Better crooks might build up a profile on you. These questionnaires provide great information for identity thieves. These are the people who go after your passport, your bank account, even your house. Publish enough of that kind of information to the world and with a bit of bad luck, you’ll be the next contestant on “Someone stole my identity!” – the modern game show where the winners lose a bit of sleep and thousands of dollars for clean up, and the losers lose everything.

Don’t think for a second that you’ve set your privacy settings well and you’re safe. You have no idea what your friends are doing with it, or how those other people (you don’t really know in real life but are “Facebook Friends” that you added because they wrote a funny joke once three years ago) are using that information, or passing it on to others via their poor privacy settings. If you take nothing else away today, please take this: When you write it on the internet, it’s permanent. The internet never forgets.

All of which brings me to the “never, ever click a link to one of them” comment. When you click a link you’re surrendering at least your browser, if not your social media profile to an external application/web site. This is incredibly risky. There are plenty of documented examples of shady organizations scraping data and building profiles on people via web sites and dodgy social media apps. Remember – if you’re not paying for it, you are the product being sold. That is the truth about all social media.

Related Posts

Search the Squidzone

The Happy Squid Store

Squid Tweets

Error: Invalid or expired token.