Obama '08

Social Networking or Social Engineering?

April 20, 2006 – 11:19 am

Do these questions look familiar:

What was the name of your high school?
What was your high school mascot?
What is your favorite color?
Where were you born?
Whats your favorite sports team?

If you have a MySpace profile, a Xanga account, even an e-mail address in some cases, you probably recognize these as questions from surveys you may have received. Now how a look at this:

Those are the security question options from a major financial website. The similarity of the questions to common survey questions is alarming to me. If its not already happening, I’m sure its only a matter of time before some unsavory phisher and/or scam artist hops on MySpace (or any other social network), creates an account, and begins collecting friends and sending out surveys. In a matter of hours, the scammer would have information good enough for authentication about many of the “friends”.

It seems as though social networking can easily cross the line into social engineering. Sure people know not to share their passwords and social security numbers but what about the other identifying information? How much information is too much information? The line between social networking and social engineering seems to be really fine and really fuzzy. Here’s hoping some education for companies (because the example given above is really piss poor) and individuals will help to make this line a little more broad and definitely more clear.



  1. 2 Responses to “Social Networking or Social Engineering?”

  2. where ARE you anyway? You used to be the IM queen. Now you’re hardly ever logged on. Do you have a REAL job? Is that what this is all about?
    …misterboston

    By MisterBoston on Apr 27, 2006

  3. I couldn’t agree with you more, Erica. Especially in light of all the recent losses of personal data by so many different companies. As far as I see it, the less I have to reveal about my personal life, the better. Not because I am so secretive but because the more someone knows about you the more chance they have of being able to pretend to be you.

    By Doug George on May 12, 2006

Post a Comment

The views expressed here do not represent the views of my employer. EricaJoy is powered by WordPress Theme designed by Bob