Attack of the Facebook Quizzes

Social engineering attacks are becoming increasingly prevalent, and I've profiled a few in this <a href="http://cybersecurityreport.nextgov.com/2010/08/social_media_guidelines.php?oref=latest_posts">blog</a>. But I recently read an intriguing <a href="http://www.sans.org/reading_room/whitepapers/privacy/disney-princess-you_33328">white paper/research report</a> on some of the dangers of Facebook and other social media websites. The real risk is divulging too much information about ourselves via online quizzes and user profiles. This particular white paper is titled "Which Disney Princess are YOU?" The author writes:

Social engineering for identity theft has always been around. But now, with the advent of social networking sites such as Facebook, MySpace, and a host of others, it has become easier than ever to harvest personal information from unsuspecting targets. This paper looks into just how much personal information can be gathered by the seemingly harmless "What type of personality are you?" quizzes that are so prevalent on social networking sites. The paper will then look at what the information could be used for and how to protect against this particular vector of social engineering.

Too often I see these types of quizzes being passed around by my friends on Facebook. They might seem harmless enough, but this paper is a real eye-opener for just how far some attackers are willing to go. You might think you'd never fill out a quiz like this, and that might be true. But what if you have a child at home who's taking these quizzes on your computer? It's also possible that new quizzes have come, and will come, to the fore that focus on other topics, ones that might relate more to an older, more mature crowd.

It was once said to me that the only way to mitigate the threat of social media attacks is to stay off social media websites altogether. However, it's becoming increasingly hard to do so when so many of us use these sites in a professional manner. So we have to exercise restraint. Don't divulge personal information. Keep conversations private. And finally, when possible, don't partake in social media sites on computers that hold sensitive information.
