We’ve all seen the latest social media challenges, but how much thought do we give to what may be lurking beneath them? The prospect of instant "fame" can be a driving force behind online challenges, even when contestants throw common sense to the wind. For instance, the light hearted “Try Not to Laugh” challenge made the “Tide Pod” challenge look as crazy as it was. After all, eating a laundry detergent pod made contestants very sorry they accepted that challenge. But thanks to enterprising hackers, not every social media dare is as innocent as it appears. The popular “Florida Man Challenge” featured prominently on Twitter, was recently exposed for what it was–a targeted phishing scam.
The idea behind Florida Man seemed innocuous enough and good for a giggle. Participants typed in a Google search using “Florida Man” and their birth date to get a headline from Florida news outlets. The challenge is to post the story on your social media account, no matter how bizarre. After all, it’s in the name of good fun, right? Wrong. There were hackers waiting for Florida Man contestants, keeping tabs on the personally identifiable information (PII) entered for the challenge. In fact, hackers created the Florida Man challenge. Their goal was to get PII for targeted email phishing attacks. With all the personal data flooding social media sites, it takes very little for cybercriminals to cobble together a comprehensive PII profile.
Although it’s impossible to stop the challenges, it is possible to participate safely. The Florida Man challenge is just one of the many online contests that require giving PII to participate. The goal is to get information like high school name, mother’s maiden name, place of birth, date of birth–the list goes on. Hackers gather tidbits of PII from all over the web, and before you know it, portfolios are developed and identities are stolen.
Keeping aware of how much and what type of PII you put on social media is important to preventing targeted email attacks. Armed with your PII, it’s easy for hackers to send emails aimed directly at you, and can grow to include your contacts too. Perhaps an innocent email from an old high school classmate suggests you click a link to see school pictures. Or maybe a “Happy Birthday” gift card from Amazon is the subject line. Not only can a challenge contestant get hung out to dry from their PII, but family and friends linked to their social media accounts are also at risk for email phishing.
The best protection keeping your PII from being pilfered comes from your everyday cyber-smarts. Remember, once your PII is out there, it’s out there–even if you delete it from your account. You cannot ever be sure it’s gone. Once it’s shared or tagged by someone else, you lose control of what happens to it.
In the case of the Florida Man challenge, a front for a phishing hack was portrayed as harmless fun. Always be suspicious of emails you’re not expecting, senders you don’t know, and most definitely do not click on links or attachments those messages contain. The links are likely fake and designed to steal even more PII, and the attachments can be loaded with malware. The next time you’re considering taking a social media challenge, think twice before providing your PII. You may decide being the next social media sensation may not be worth the cost after all.