Hijacking the Royal Wedding in one easy step.

A new social engineering scheme rides on the coat-tails of royalty.

In these times, everyone wants a good news story and will latch on to anything that brings a little light to our newsfeed. So of course the Royal Wedding has social media users joining the discussions that naturally follow.

Hackers and scammers are in on the party too. When you are a scammer, you trade in information, and that information is ideally used to gain control of online accounts that can then be sold on the black market for any number of reasons.

Take a look at the image below and see if you can work out what the big security deal is all about.

It is not directly asking for usernames and passwords, so what is the big deal? That is part of the scam itself. It is asking for obscure information that we don’t use often, but that we still use for a very important reason.

When was the last time you forgot your password and had to recover your account? If you can think back to that, then you should see the problem pretty quickly. If you still can’t see why this is an issue, I will break it down for you.

We use “security questions” to verify our identity in order to recover passwords. These security questions often include names of relatives (like mother’s maiden name, name of oldest sibling or name of a grandparent), the name of your childhood pet (often your first pet) and the name of the street you grew up on.

See the problem? If someone were to scrape this information along with your email address (which is attached to your social media account or easily searchable), then they would have a pretty good shot at compromising your account, resetting the password, and then selling that account on the black market. A lot of this can be automated, so in a matter of minutes a big social engineering campaign riding on the Royal Wedding hype could collect enough information to compromise hundreds if not thousands of accounts, which will net a decent price for minimal effort.

This is the main reason why I avoid participating in surveys and those fun questionnaires, especially in the wake of the Cambridge Analytica scandal. Users of social media need to understand that the bad guys go to where the people are, and with around 2 billion active users on Facebook alone, you can be sure that scammers are active on social media to take advantage of those easy pickings.
