If I met you in the streets and requested specific details about yourself, you would not give out such information to me — being a total stranger. But, what if I told you that by virtue of your activities in Facebook groups, I know the minutest detail about your life?
For decades, social engineering for all levels of criminals means they would have to break into people’s homes and offices before getting some information they can use. In the modern social media-driven world, however, it is much easier. Just throw in a question under the guise of being interactive, and you’ll learn what you want to know.

Also read: Why privacy should be your concern in the era of surveillance.

How fraudsters use Facebook groups for social engineering

Before proceeding any further, let me make it clear that not everyone who posts such questions (as the ones I’ll be highlighting here) does so with the intention of phishing for information. In fact, a lot do so with no bad intentions. However, there’s always someone watching — silently — and such people are usually the ones who can do much damage.

Also read: NITDA frowns on fraudulent online data collection.

Let us play a game. Don’t spoil the fun

So a group member poses a challenge for everyone. Mention a landmark in your area and find your neighbour. Totally harmless and fun, right? Not really. Sitting somewhere, scrolling through the comments is someone who has taken an interest in you because (s)he’s noticed your activity in the group. And your answer, the landmark you mention, would help that observer narrow down your location.
Chances are, even before getting a fair idea of where you live, or once lived, that person already knows about the school you attended as well as your graduating class because months ago, you responded to a similar challenge and revealed all that information in the hopes of reconnecting with fellow alumni.
And this is even under the assumption that only one person is out there monitoring you. So just imagine that it’s a whole criminal organization closely watching you; making effective use of social engineering — with you as the target. In an era where abductions or kidnappings are on the rise because human trafficking is a multi-million dollar industry, making yourself less known on the internet, or privacy, must be the one thing you shouldn’t compromise on.

Also read: Mimecast — Email security for Microsoft Exchange and Office 365

I run my business online. I can’t hide

Oh yes, you can. There is so much personal information you should leave out and away from your business. What has your secondary school house or dormitory got to do with the business you own now?
If any random person in your life filled a form with such detailed information about you, and either sold or gave it all away to any interested individual or organization, chances are, you would not take it lightly. You may even pursue legal action to address your grievance. So it goes beyond just having fun.
There are many things which can be done with the information gathered about you via the internet. From using your likeness and details to create fake identity cards, to defrauding your friends and other contacts — the possibilities are endless.

To conclude…

Social engineering in modern times does not need the aggressive approach employed in the past. These days, you only need to be patient and observant enough; and you’ll be given the required information on a silver platter.
Fraudsters use Facebook groups a lot. Such social media groups to a fraudster, function just as much as a mailing list would to a marketer or sales person. It is an avenue filled with lots of possibilities and you can expect them to exploit those chances to the fullest.
For stories of this sort and more, do well to log on to www.jbklutse.com or visit us on Facebook.

+ posts