Want to play a game?
How identity thieves harvest personal data through our desire to play interactive games on social media.
I remember variations of this line distinctly in two different movies, Saw and WarGames. In one movie you have to “play a game” in order to try and stay alive. In the other movie a game, Global Thermonuclear War, is played, which could lead to the start of World War 3. One was a game of survival, and the other a game of interest that drew the character into doing something he shouldn’t have.
This leads me to think of Facebook. Over the past weekend I was seeing notifications from friends who were responding to the “fun games” that asked for answers to questions, which, in most cases, seemed entertaining and harmless. But after seeing what seemed to be hundreds of answers, I began to think about what my friends were really sharing, and how it could be used against them by nefarious actors.
Below, I wanted to share a few that I saw over the weekend, and provide my take on how these can be used to better identify who you are, and how that can be used against you.
Getting an idea of where you have traveled allows identity thieves to track your favorite locations and possibly even when you might go there again. Asking questions about where you have been also empowers those thieves to follow up with more specific questions. They want the interaction to continue, helping them to further narrow in on your identity. How can the answers to the following image be used:
- Finding out a location you have traveled to allows thieves to expand their search for you in that location, such as credit card transactions, pictures, auto rentals, etc.
- The thief could redirect your response to a link they own to obtain more information about you
- Thieves work in teams spread out in various cities, and if they know where you are, it is easy for them to target unsuspecting individuals while you might be vacationing
- As you share your answer, as harmless as it may seem, the personal information you divulge could be used in crimes connected to trafficking or terrorist operations (more common than you would think)
Evaluation of Self
This is an interesting one because it is asking for a self-evaluation, which is usually going to indicate something pretty personal about you. Not everyone is going to share their deepest regrets or thoughts, but there will be some that will reveal enough that the thieves could use to exploit you. This is how they might do it:
- If you share something you regret, the thieves can exploit a fear or an emotion, which is an extreme driver for continued interaction
- Words mean something to us, and the ones we use allow thieves to build a profile, better helping them to identify you and steal your identity
- If you share that you wanted to pursue something that you had not yet done, then the thieves can use that to lure you deeper into interacting with a link to other content they own
- Also, the words we use can end up being a part of the passwords we choose – one step closer to stealing your identity
Ahh to be Young
Everyone likes to think about their younger years (I certainly do)… When we reminisce and answer questions about the past, it helps thieves locate past information about you. If you’re like me, I do not remember minute details about things I may have signed up for or communicated in my teen years. That makes us vulnerable to thieves as they continue to build a profile on us. How this can hurt you:
- If you share where you worked as a teenager, this would expose that you worked as a teen and would have completed a tax return, which gives thieves another place to look for vulnerabilities
- If you were added to your parent’s tax return, that could potentially expose them to an identity threat
- Stealing an identity is based on piecing together a series of data points to find something both unprotected and identifiable. If the thief only has a name and date of birth in one search, but in another search found a driver’s license number and a date of birth tied to where you worked as a teenager, then they now have all the information to begin taking over your identity
- If you shared not only the name of the place you worked but also the location, thieves could identify potential cities you lived in and look for personal data that includes the city (auto loan, car insurance, rental records, etc.)
What’s your Least Favorite?
Thieves do not care what your least favorite place is; they want to know where you like to shop. That way they can look for what you’re searching for so they can send phishing emails about purchases, upgrades, and/or extended warranties. Target is a good example. If Target is one of the retailers you would keep among others, the hacker may consider the Target breach from a while back and look for your name among the compromised accounts. How does this get exploited:
- The thief can assume you have shopped at Target, and use social media to offer a Target gift card or reward if you click on a specific malicious link/website
So, a simple, fun and interactive “game” has now turned into a thief’s campaign? Maybe not. I am in no way suggesting that any of these, or the other questions my friends are responding to, are anything more than a fun break from your hectic day. I do find some of the answers to be interesting and sometimes hilarious. But if you think beyond its facade, you might see another, nefarious intention.
So, I ask you again… Want to play a Game?