Large public social media groups like the popular #ImStaying Facebook page present a lucrative opportunity for criminals, according to South African Banking Risk Information Centre (SABRIC) acting CEO Susan Potgieter.
When asked whether the social media group and others like it were a playground for criminals due to the amount of personal information exposed, Potgieter replied in the affirmative.
“Yes, definitely,” Potgieter said. “Social media has risk. It has risk if you overshare.”
“Criminals use social media for their advantage. You can learn so much from somebody if you just follow them on social media.”
Even if you do not share your location, wealth status, or other personal information in a public post, this information can often be gleaned from your Facebook profile.
Potgieter said that many people fill out all the fields in their public-facing profiles without thinking of the implications.
“For example, why is it necessary to put your cellphone number on your social media platform? People, unfortunately, fill in every bit of information and then it is out there for the public to see,” she said.
“If you need to disclose information to participate in the forum, only fill in the compulsory fields,” she said.
“Don’t let being in holiday mode see you give away your personal information.”
#ImStaying vs #NotSaying
“SABRIC encourages people to empower themselves by sharing information selectively, and on a need-to-know basis only,” Potgieter said.
“This is why we are adding the hashtag label #NotSaying to all our messaging, to remind people to not just share any personal information without careful consideration when prompted to do so.”
Public social media groups such as #ImStaying could be lucrative targets for criminals looking to conduct social engineering attacks and steal personal or confidential information.
Potgieter differentiated between personal and confidential information, stating that the former should be shared only when the recipient can be verified. Personal information should not be shared publicly or willingly given to strangers.
Confidential information, on the other hand, should not be shared with anyone, even family and close friends. This information is private and should not be given out under any circumstances.
Personal information includes the following:
- ID number
- Passport number
- Travel information
- Driver’s licence
- Bank account number
- Contact details
Confidential information – which should never be shared with anybody – includes one-time PINs (OTPs), PIN numbers, usernames, passwords, and card security codes.
Many phishing attacks attempt to steal this information from people to compromise their bank accounts, and Potgieter said that these attacks are set to increase in intensity over the holiday period.