Blog

Do you REALLY need to ‘know your porn name’? 5 ways social hacking is targeting your employees and threatening your business

Do you REALLY need to ‘know your porn name’? 5 ways social hacking is targeting your employees and threatening your business

You may have top-notch security tools and a comprehensive cybersecurity plan, but if your employees don’t understand how social hacking works, they may be inadvertently giving away information that opens a back door into your organisation.

 Social hacking – also known as social engineering – is the practice of convincing people to give up confidential information such as bank details or passwords. In its earlier, clumsier phase it often came in the form of badly misspelled emails encouraging you to hand over your credit card information. These days, social hacking is much more sophisticated, and hackers often gather breadcrumbs of information from several sources which they put together to thwart security protocols used by banks and employers.

What’s worse is that many of us are helping hackers by voluntarily oversharing information publicly via social media.

Here are some of the most common ways that we enable social hacking through our social media habits.

 

Joining in viral quizzes and games 

 

Cartoon of sleuth looking at footprints with a magnifying glass to illustrate the concept of social hackingWe’ve all seen them on Facebook or Twitter, and some of us may have joined in the ‘fun’. It’s some variation of your porn star name is your middle name and the street you grew up on. Or your porn star name is the name of your first pet and the name of your first school. They may seem like a fun – if silly – distraction, but they’re actually designed to get you to share information that helps hackers get into your online accounts. They work because they seem like an innocuous game, so it’s easy to let down your guard, especially if several of your friends are playing along. 

The details you reveal when you share your mother’s maiden name or the town where you met your spouse help hackers guess your password or give them the answers to common security questions. And as many people reuse passwords across different accounts, hackers will try them across different websites.

 

Failing to use privacy settings on your social media accounts

 

Illustration of friends chatting on a smartphone to illustrate how social hacking works

Does your Facebook profile really need to be available to everyone? Hackers can find out an awful lot about you. All those friends wishing you a happy birthday just revealed your date of birth (or most of it). Have you listed your hometown in the ‘about’ section? Perhaps you like to share photos of your pets or children and their names. Regularly check your privacy settings to ensure that you are only sharing sensitive information with people you actually know.

 

 

 

Sharing workplace photos

 

Picture of home office including an open computer screen with online meeting taking place to show how social hacking works

During the work-from-home phase of the pandemic, many people shared photos of their home office set-up. While most of these photos were harmless, some included their open computer screen, tabs, zoom meetings and post-it notes, potentially sharing things such as the names or email addresses of their colleagues. This is exactly the sort of information that enables hackers to impersonate a co-worker.

The same goes for photos taken in the workplace. Ensure that you’re not unintentionally exposing confidential information. 

 

Announcing to the world that you have a new job

 

Two men shaking hands after an offer of employment to illustrate social hacking opportunities

We get it. You’ve just got the job of your dreams or a promotion and you want the world to know. But you’ve also just announced the name of your company or organisation and the fact that you’re new and almost certainly don’t know everyone who works there. This, together with the fact that new employees are usually eager to please, makes you an ideal phishing target for a hacker pretending to be a co-worker.

 

 

Falling for employment scams

 

Sign that reads 'join our team' to illustrate how fake job offers can be a social hacking strategy

One particularly unpleasant phishing scam involves fake ‘recruiters’ contacting job seekers about a position they’re ‘perfect’ for. They then collect information (such as name, address, age, phone number, employment history) for the job application which they use to to steal their identity or gain access to their contacts. This is particularly a problem with LinkedIn, where being a first degree contact of someone gives the hacker some legitimacy. 

 

 

 

Keeping employees off social media is impossible. But ensuring that employees are educated about the dangers of oversharing on social media can help mitigate the risk of identity theft or phishing. To find out how we can help with ensuring your workers are security conscious, visit our Security Operations Centre page and contact us for an informal no-obligation chat.

 

Intersys IT Support

Get fast, reliable IT now.

Since 1996, Intersys has provided fast, reliable IT to help businesses succeed and grow. We offer IT support and consultancy services, cyber security, and software development – including flexible pricing options suitable for organisations of all sizes. Why not take the step to speedier, more efficient systems? Contact us today.

Our Services

Intersys