How Social Engineering Hacks Your Password

TechViews News

I don’t spend much time on social media sites, other than to simul-publish our articles to reach a broader audience. But while scrolling through a few comments posted by some of our followers, I noticed an alarming trend.

We’ve heard about social engineering and how it tricks us into giving up personal information that hackers can use to gain entrance to our personal and business accounts. The trend I noticed is a “game” that is circulated among “friends”.

This game asks personal questions and asks you to compare your answers with others in your ‘friends’ list. You simply answer a question and then post your answer in your timeline for others to see. Then your ‘friends’ are asked to do the same thing.

This spreads much like the chain letter from a few decades ago where you put your name at the bottom and send it to the top five people to keep the chain going.

After a short amount of time there could be hundreds, even thousands, of people answering personal questions and letting multitudes of others see their answers.

This is one of the main ways hackers collect and sort through your personal information to reconstruct your passwords. The game is designed to get you to expose the answers to your password reset security questions.

Typical password reset questions include:

What is your favorite book?
What is the name of the road you grew up on?
What is your mother’s maiden name?
What was the name of your first/current/favorite pet?
What was the first company that you worked for?
Where did you meet your spouse?
Where did you go to high school/college?
What is your favorite food?
What city were you born in?
Where is your favorite place to vacation?

As a study indicated,

“All four of the most popular webmail providers – AOL, Google, Microsoft, and Yahoo! – rely on personal questions as the secondary authentication secrets used to reset account passwords. The security of these questions has received limited formal scrutiny, almost all of which predates webmail. We ran a user study to measure the reliability and security of the questions used by all four webmail providers. We asked participants to answer these questions and then asked their acquaintances to guess their answers. Acquaintances with whom participants reported being unwilling to share their webmail passwords were able to guess 17% of their answers. Participants forgot 20% of their own answers within six months. What’s more, 13% of answers could be guessed within five attempts by guessing the most popular answers of other participants, though this weakness is partially attributable to the geographic homogeneity of our participant pool.”

Bottom line – be careful when social media games try to get information from you; they may be trying to trick you. And next time you pick a password reset answer, try NOT to pick the usual stuff.

Be Safe – Backup Your Data Regularly!

