Have you recently joined the latest social media trend on Facebook to post a nostalgic memory like your senior photo or your first car? You may have unintentionally provided the answers to common password retrieval questions.
With most US citizens now living under official stay at home orders, people are increasingly participating in social media trends for entertainment. However, according to a recent FBI press release, participants may be inadvertently increasing their vulnerability to cyber fraud and scams.
“A number of trending social media topics seem like fun games, but can reveal answers to very common password retrieval security questions. Fraudsters can leverage this personal information to reset account passwords and gain access to once
protected data and accounts,” the release said.
One of the more popular photo trends encourages Facebook users to post their senior photo in a show of solidarity for the class of 2020. But in addition to sharing their portraits, many people also include the name of their high school, mascot, and their graduation years. While on the surface this seems innocent, all three of those are commons answers to password retrieval security questions.
Here are several other pieces of personal information that recent social media trends ask you to share:
- Your current or your childhood best friend.
- The name of your first pet.
- Your first or your favorite concert
- Your favorite restaurant.
- Your favorite teacher or your teacher from a specific grade.
- The make and model of your first car
This sample screenshot, which is publicly available on Facebook, reveals the name of an unsuspecting woman’s high school, her graduation date, and her high school’s mascot.
The Importance of Multi-Factor Authentication
Beyond encouraging social media users to be vigilant about the information they share online, the FBI also strongly encouraged people to utilize two-factor or multi-factor authentication when it’s available. If you’re unfamiliar with the term, authentication is a process that requires users to validate their identity in more than one way.
From a business perspective, enabling multi-factor authentication is one of the recommendations you can find in our work from home cybersecurity checklist.
As a general rule, whenever you or your business have the option to implement multi-factor authentication, you should – especially when accessing sensitive personal or business data.
If you would like to learn more about securing your remote workforce, our cybersecurity team is currently offering a free Remote Workplace Cybersecurity Consultation