EXPLAINER: How Social Media Comments Can Empty Your Bank Account
Nothing delights scammers more than a trail of your personal information on different social media platforms.
Social media users often drop their personal details while engaging posts on Twitter, Facebook and other platforms. These actions, though innocent, tend to leave a digital footprint. And to scammers, these footprints are like a treasure chest.
Recently, @ayodeji_og shared a post asking tweeps to reveal the names of their mothers in a thread. This request did not sit well with many Nigerians who understand social engineering.
Is your Mom’s name beautiful? Flaunt it and make it a thread.
Mine is Folarinlola
— AYODEJI | City Boy (@ayodeji_og) May 20, 2023
@WolePhoenix, one of the tweeps who commented on the post, noted that all the information other tweeps might have dropped could be used to launch a malicious attack through social engineering.
Findings showed that social engineering refers to every technique aimed at making someone reveal specific information or perform a specific action for illegitimate reasons.
It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.
Abdulrahman Tunde, a cyber security researcher, who commented on the post, vividly illustrated how sharing one’s details online could be unwise and risky.
“Those engaging this tweet, I have a message for you. Previously, you have dropped your [date of birth], you have dropped your account details under giveaway, you have dropped your location of birth under a different engagement,” said Tunde.
“You have also dropped your phone number to win data giveaway. Then ‘Mr. Charles from your bank’ will call you tomorrow. He will tell you your name, your DOB, your mother’s name, then tell you your ATM is having issues.”
“Then you will call your ATM number, and [he will] ask you to send OTP. By tomorrow, you will start dragging ‘your bank’ that you were wrongly debited. A more deadly scenario is using these same details you are giving out willingly as your PIN, password and security questions.”
WHY SHOULD YOU TAKE CAUTION?
Questions such as ‘What is your mother’s maiden name?’ are known as security questions.
Apart from mother’s maiden name, security questions can come in the form of address, date of birth, name of the street you grew up on, the name of your first pet, the name of your high school, the city where you grew up, your childhood nickname and the model of your first car.
According to Okta, an American identity and access management company, these questions are used to authenticate one’s identity. They typically serve as an extra layer of security.
What does the above imply? In Nigeria, many websites, as well as mobile and web apps, utilise security questions. Also, financial institutions, cable companies and wireless providers use security questions.
Banks, for instance, require customers to answer security questions when they want to reset their pins or passwords, change their transaction PIN and manage beneficiaries, among other functions.
In an era where online scam is rife with no permanent solution in sight, one can imagine the dangers associated with voluntarily giving out personal information in the name of social media engagement.
When such questions are asked on social media, they might appear harmless. However, one must think twice before answering them because fraudsters may be lurking in the comments waiting to pounce on their next victim.