What's Your Stripper Name? Social Engineering Through Viral Media
Around the time Eminem started asking if he could have our attention, another trend was taking off across the world in the form of Social Media. The rise of social media brought with it a new technique for malicious actors to collect information about more people than they would have considered in the past: Viral Media. Viral media is digital content that is passed quickly and easily between multiple parties. While Marshal Mathers may have been the real Slim Shady and taken off on the music charts, there were plenty of people in the world ready to start charting your personal information through the shady use of viral media. Throughout the remainder of this blog, you'll be introduced to various cloaks viral media puts on to conceal itself from its true purpose of collecting people's private information.
As most of us know, Hallmark is a card company, and what better way to make a buck than to sell a card or cards that people can use for all the various "National Days." Lucky for most of us, the world has gone virtual, which makes it easier to send those people you're thinking about on whatever National Day it is a fun meme, digital card, or tag them in some social media post that shows us all what makes you think about them. Unfortunately, with that ease of sending your friends and family well wishes on National Bathtub Racing Day (July 1st) comes with a price. That price is the ability for scammers and social engineers to send the same sort of well wishes or even more popularly get others to do it for them!
A short while back, I noticed a lot of friends sharing posts on their social media telling the world how fantastic their son, daughter, or pet is for National Sons Day (officially March 4th, often celebrated on September 28th), National Daughters Day (September 25th), and National Dogs Day (August 26th) respectively. While this had clicked in my head before, seeing so many posts about family members and pets being called out by name; I had this eerie feeling creep over my body as I realized that while I may not be the one falling for the ruse of the social engineer, some of my friends and family probably would.
During the rise of social media, many of us probably didn't give much thought as to what we were sharing with others or the implications of that knowledge. To those of you out there who recognized this pitfall, I offer a standing ovation! As the foothold of these (over)sharing platforms has grown throughout time, it has also become more known to most users that someone is going to be using them for evil and causing others to have bad days and not the kind we would celebrate on something like National Bad Day Day (November 19th).
To make a bad day worse, it's not just the "National Days" that are a part of these plots to destroy the world. Okay, maybe not destroy but at least cause a pretty big headache for those impacted. While social engineering can come in many forms, the aspect this blog is referring to is called viral media. Viral media can be an image, video, text, or other bits of sharable content that end up circulating quickly from person to person. Unfortunately, unless you plan on ridding the world of social media, this viral media is going to continue to persist and likely have victims fall to its trap.
As mentioned, this viral media doesn't stop at the "National Days." These happen to be abundant and an easy way to get people to buy in on sharing personal information throughout the year. One of my favorite forms of viral media is when the intent of the media is to capture the respondent's birthday. A quick google image search for "Birthday Scenario" will fill your screen with numerous variations of this simple way to get someone to provide their birthday willingly. But why do these gotcha techniques work so easily? Much like there is a "National Day" for anyone, there's a birthday scenario game for everyone as well.
First, they are often referred to as games. When the user sees the image, wherever it may be, it's like it is screaming out at them and asking, "Would you like to play a game?" to which many people are intrigued. Next, there's a scenario out there that is going to appeal to that person eventually based on the countless variations of the game using different themes as responses. So that person in your life that's over the top for NBA basketball is probably going to be more likely to stop and participate in the NBA Birthday Game. People who constantly argue which superhero is superior might fall victim to Comic Birthday Game. Know someone who is a bit of a lush? Get them to tell you what their cocktail is based on the birthday combination.
While the goal of the Birthday Game was to capture your actual birthday, a similar type of media can be set up to capture even more about you. Consider a list of the most common security questions that are used to verify who you are. That list might contain questions like the street you grew up on, the city you were born in, or where you met your spouse. The name of your first pet or your mother's maiden name are common as well. I've seen where these even go on to ask about your favorite color or food. Regardless as to which security questions are used for various sources of the accounts, these are just simple questions designed for something for only which you should know the answer.
Why would people willingly pass out the answers to those security questions for the rest of the world to see though? The answer, because they're hidden in plain sight and posing again like a game! Once again, a quick google image search has provided countless examples of these types of personal information gathering tools that all start out asking "What's your _____ name?" where that blank can range from Hippy to Sassy Elf, Rockstar to Monster, and I must mention the ever-popular Stripper. No matter the blank, these are all set up in the same fashion: Your _____ Name is: Answer to a security question + answer to another security question. At times the second security question response will be swapped out to obfuscate the true information being collected.
We live in a fast-paced world where data is at our fingertips, and the simple slide of hand can get by unnoticed. The next time you start to share that fun meme about National Orange Day (November 1st) because it is your favorite color, want to tell the world you're a Purple, Three-headed, Ice-Breathing Dragon based on the birthday chart, tell us your stripper name is Deeohgee Cedar, or tell us the first car you went 100mph in (probably your first car) was a '16 Ford Focus Electric; keep in mind you might also be telling those would be attackers what the answer to a security question from your bank account could be as well!
As this blog comes to a close, I would like to present a challenge to our readers. Many of you are likely in the cybersecurity realm and would recognize the examples above as blatant social engineering techniques. Some of you may even comment on friends' posts that share them as a reminder that they are giving away those security question answers. The next time you see someone sharing obvious or not-so-obvious viral media, instead of commenting on it, causing the media to spread like wildfire to more potential victims, send them the link to this article.
About the author