Falling for social media hoaxes indicates a deeper underlying need for online awareness, according to Ben Yelin from the University of Maryland Center for Health and Homeland Security.
Yelin joined the CyberWire’s Hacking Humans podcast to discuss why people continue to fall for Facebook posts that claim you can prevent Facebook from using your information simply by copying and pasting the text into your own post.
“In the past, I've also seen people I went to law school with or people who really should know better,” he said. “To think that by copying and pasting something onto your Facebook profile, your Instagram profile, that you're granting yourself any sort of legal rights is just hilariously preposterous.... You would think that the people who are posting this would have come into contact with this in the past and would realize that it was a scam.”
Yelin added that the fact that intelligent people can still fall for such a well-known hoax has much wider implications than simply irritating people on social media.
“To make a broader point, the fact that people can't see the warning signs that this is a fake post is kind of deeply concerning to me,” he explained. “Especially when you have things like ransomware attacks, they come from posts that look an awful lot like this, from disreputable email addresses, a lot of capitalization, changes on fonts, you know, scary-sounding warnings about an action that must be taken. And if people are falling for something so obvious like this, what's to stop, you know, somebody who works for a city government, for example, from clicking on an email and bringing down an entire city's digital infrastructure?”
Yelin concluded that everyone needs to get better at vetting the information they see online. This hoax in particular should be very easy to debunk if people would get into the habit of verifying a claim before acting on it.
“If you have any doubts as to whether some social media warning is true, first of all, it's almost certainly not true,” he said. “Second of all, paste it into a Google search. You can immediately see that this has been a long-running consistent Internet hoax that has been debunked by reputable news organizations. Think before you post, I think, is the advice summed down into three words. And just have a better BS detector. It's just incumbent on all of us to be able to identify BS like this.”
Everyone is susceptible to social engineering, and you can’t know how vulnerable your organization is unless you test your employees. New-school security awareness training can highlight your organization’s weak spots while improving your employees’ resistance to social engineering attacks.
The CyberWire has the story: https://thecyberwire.com/podcasts/cw-podcasts-hh-2019-09-05.html