I am sure you are so happy when you see the wall of congratulations on your Meta, Twitter, or LinkedIn feeds. It brings joy and sometimes false happiness that you have so many friends who care about you.
When you share your birthday publicly, it brings some risks for you, and you might become a victim of a phishing attack.
Let me walk you through a simple scenario on how those attacks are executed.
The attacker has bad intentions. Their motivation, in this case, is to make you click on a link that could do a few things:
Let’s be honest here: You are more likely to click on a message that says, “Happy Birthday, [your name], here is our gift for you” than on anything else. You feel special on that day and you think with the emotional part of your brain.
Let me go through one possible flow of events (attack vector) via a LinkedIn-type service.
This could be run manually or automated easily by using a web scraper and some basic Python scripts to make it work in just a few hours.
If you look at the attacker motivation section above, an attacker could construct a scenario that works even better: pretend to be the person with the most connections among your friends and send them an email a week before your birthday, asking them to buy you a present by submitting their credit card details on a special page. Of course, this page will be “credible”, because your picture, which you share publicly, will be shown there, together with some appropriate message to trigger your friends’ feelings.
You wouldn’t even know that your friends had chipped in until they asked you how you like your new game console.
Those attack scenarios are just a few of the basic ones that cover some easy-to-exploit patterns, supported by the publicly available data you have on your social media page.
To support this with data, I ran a small experiment, doing exactly what I described, manually, on some of my peers. 40% of them clicked on the link I sent pretending to be someone else. Of course, on the landing page, I told them this is a joke and I told them to be more careful next time. How many peers do you have on social media? Imagine 40% of them clicking because they want to make you happy for your birthday.
I know you are a smart person and you will find a way to protect yourself, but here is some advice from me to help you get started:
Consider moving your account to a new type of privacy-respecting data storage.
Be careful about what messages you open and what links you click. Think before you click.
Sharing is caring. If you like your friends and you see them sharing their birthday information everywhere, send them a link to this article to warn them about all the things that can happen by exposing this detail, innocent at first glance, about their most precious day of the year.
This article was partially published here.