Cyber safety continues to be of paramount importance. Instances of online scams, predators and potential pitfalls seem to grow on a continuing basis and, if anything, scammers and predators seem to be getting smarter.
Protecting against online threats requires effective security. However, effective security is a balancing act where one must constantly walk the line between strong access control and user-friendly service. To that end, many social media sites, banking institutions, online movie sites and so on have adopted a policy of allowing users to recover or reset their password in the event that they forget it. And let’s be honest, who hasn’t forgotten a password or username once or twice before? Given the number of sites we visit and online services most of us use these days, it is almost impossible to keep track of every username and password (unless you use the same username and password for multiple sites, but I am going to assume no one reading this is that stupid).
However, in order to allow users to recover passwords or usernames, online service providers have had to develop a system of security that enables the user to confirm his or her identity, while making it hard for others to hack that account. To that end, the vast majority of vendors have implemented a challenge-response type of system whereby a user is asked to answer a series of security questions upon opening an account. These questions often ask things that are supposedly known only to the user. However, the types of questions being asked are becoming increasingly common. For example, a site might ask you to identify the name of your first pet, or the name of your fourth grade teacher, or your mother’s maiden name and so on. As these lists of questions become more common, scammers and predators are becoming more savvy, developing social engineering or phishing methods designed to ferret this information out. It is important that educators be aware of these practices, not just for their own safety, but also to warn students in an effort to prevent unfortunate security breaches.
Let us look at the example of a fun questionnaire that seems to have come from someone you know, perhaps a close friend. The questionnaire asks a series of seemingly innocent questions about your friend and about you. This is done under the pretext that you answer the questions about yourself and then the questionnaire compares those responses to your friend’s responses to the same questions to determine just how well they know you. For example, the questionnaire might ask: What is your favorite colour? What was the first type of car you owned? Where were you born? The reality is, the email most likely has not come from your best friend, but rather, it has been generated by malware that has infected your friend’s address book, sending itself out without their knowledge (most likely picked up while he or she was downloading the latest season of Game of Thrones). Furthermore, your friend will never see the results of your questionnaire. The results will instead be sent back to a group of hackers or scammers seeking to breach the security on a site that might keep records of things like your credit card details and so on.
Anything you and your students receive online should be viewed with an air of suspicion. Anything asking you to divulge information known only to you and maybe a very select group of friends should be viewed as dangerous and deleted immediately. Even if your friend was silly enough to send such a questionnaire, do not respond, as you cannot tell where copies of your response might be sent. This type of scam is becoming extremely common and a disturbing number of people are falling victim. Be sure to warn students and, as always, delete anything you are suspicious of, do not open attachments from anyone you do not recognize and never ever give away personal information.