Better think twice before clicking on one of those fun little Facebook quizzes that reveal your superpower or tell you which Disney character you most resemble.
Before you can say “Frozen,” you might discover that your most sensitive personal data has been scraped, stolen and sold.
“The creators of these quizzes want them to appear meaningless and harmless,” according to this article on the website of the cybersecurity company Avast. “They want everyone to engage whimsically with them. Because in truth, many are phishing attempts at your personal data. And even those that are not can be dangerous, because bad actors are always scraping social media sites for data. Data scraping is when someone pulls publicly-available information and builds profiles out of it.”
Here’s a common template used by cyber-thieves, according to Avast:
“The questions in these quizzes are all meant to tease out as much personal data as they can possibly get from you, including hints to your passwords and identity verifications, such as ‘What was the name of your first pet?’ or ‘What street did you grow up on?,’” writes Chistopher Budd for Avast. “At the end of the string of questions, you will get a made-up answer, such as ‘You belong in Gryffindor!’ At the end of the same string of questions, the data scrapers will have enough to start building (or adding to) a profile of all your information.”
Lawyers Mutual is on your side as you adjust to practicing law post-COVID. Our email newsletter “Practice Reimagined” offers timely tips, pointers and valuable links on wellness, work-life balance and quality of life – delivered straight to your in-box. Lawyers helping lawyers. It’s what we’ve been doing more than 40 years.
Why Social Engineering Scams Work
Most social engineering scams exploit one or more of the following human tendencies, according to Inspired E-learning:
- Authority. An attacker may call you pretending to be an executive in order to exploit your tendency to comply with authority figures.
- Liking. An attacker may try to build rapport with you by finding common interests, and then ask you for a favor.
- Reciprocation. An attacker may try to do something for you, or convince you that he or she has, before asking you for something in return.
- Consistency. An attacker might first get your verbal commitment to abide by a fake security policy, knowing that once you agree to do so, you will likely follow through with his next request in order to keep your word.
- Social Validation. An attacker may try to convince you to participate in a fake survey by telling you that others in your department already have. He or she may have even gotten some of their names and use them to gain your trust.
- Scarcity. An attacker may tell you that the first 10 people to complete a survey will automatically win a prize and that since some of your co-workers have already taken the survey, you might as well too.
Have you checked out Lawyers Mutual Consulting & Services? Founded by Camille Stell, who also serves as president, LMCS is a subsidiary of Lawyers Mutual. Its mission is to help firms build a modern law practice. It does that by offering expert advice and assistance into law firm trends and best practices. Camille and LMCS helps lawyers and firms create strategic plans and succession plans. A popular speaker and writer, Camille loves to guide lawyers through succession planning and into Life after Law. Contact her today.