When we think of hacking, we generally think of our online personal information being exploited or an online account being compromised. However, there is another form of hacking called social engineering that often does not ultimately seek to exploit your data, but rather your thoughts, values, and behaviors.
What is Social Engineering?
While both the internet and social media are relatively new developments in the human experience, the concept of social engineering has been around for thousands of years. A prime example is the story of the Trojan Horse, in which a seemingly harmless gift allowed the Greeks to penetrate the seemingly impenetrable defenses of the city of Troy. The Greeks manipulated the Trojans by gaming their predictable desire for a war trophy and exploiting their expected behavior.
The term “social engineering” actually covers a broad array of techniques and strategies in many different human realms for an even wider variety of goals (both nefarious and altruistic). But for the sake of this discussion, we’re going to focus on social engineering that leverages social media and natural human social tendencies to trick, manipulate, or exploit the greater public.
Your Personal Data is a Valuable Commodity
As with any discussion about internet security, we cannot stress enough how valuable your personal information is to anyone online with ill intent. Most people think this simply means protecting passwords and credit card information, but the truth is that even your social media comments and likes, social affiliations, political leanings, and online habits can be used for nefarious purposes.
How Your Social Media Data is Used Against You
If you’ve spent any time online, you undoubtedly have been shocked a time or two on how advertisers can seemingly read your mind and serve you ads on things applicable to your current wants and needs. Similar data mining techniques can be used to serve you “compelling” information that may or may not be rooted in reality, with the ultimate aim of changing public opinion at large.
By mining your social data, an organization or group can easily discern your proclivities and associations and target you with ads, fake news articles, or even send you friend requests from fake accounts designed to play upon your social viewpoints, online behaviors, and/or political leanings. Magnify this data mining with the repetitiveness and ease of sharing on social media platforms and you have the perfect propaganda machine.
The Cognitive Bias
The human component that makes this type of social engineering so effective is the “cognitive bias”. We like to think our judgement and decision making is completely based on our keen sense of logic and our purely objective and rational viewpoint. The reality is that we are wired to make decisions quickly, substituting much of that keen judgement and careful, logical analysis with recognizable patterns that seemingly served us well in the past. Why do we do this? Survival.
Imagine there is a caveman named Og who, while out hunting, comes across a saber-toothed tiger that leaps at him. Og takes off running and spies a tall but very thin tree with spindly branches. He has climbed a similar tree and knows that the branches will support his weight but make it impossible for the saber-toothed tiger to climb. Without even testing the branches to see if they will hold his weight, Og leaps for the tree and climbs to safety. He was saved by cognitive bias.
But cognitive biases can also trip us up.
When Og later returns to the cave, his wife Oola shows him some berries picked from a bush she found in the forest. The berries are blue and Og always enjoyed the berries he’d eaten in the past that were of a similar color. Without thinking he grabbed a handful and stuffed them into his mouth. Og’s cognitive bias about the colors of berries unfortunately led him to become violently ill.
Social Media and the Cognitive Bias
Fast forward to the information age and think of the thousands of decisions we make over the course of a single day. These decisions aren’t usually “life or death”, and as such there is even more of a temptation to be guided by our cognitive biases.
Some of these decisions involve making judgments about information coming to us via social media. It could be some fun gossip about a movie star or a political story with a compelling headline. Chances are if the story is long, we may just skim it – or worse yet, share it to our friends on social media since the headline was so compelling. It can be very satisfying if they “like” it, make a comment, or even share it with their friends.
This isn’t a problem if the article in question has been vetted for being true, but this is hardly the case these days. Anyone can create a compelling but fake news story, and anyone can share that story without vetting it.
So what do we do to stop this?
The First Step is Protecting Your Social Media Data
We can’t stress enough about how important it is to protect your social media data. The following advice will go a long way to keep you from being the target of nefarious propaganda machines.
- Restrict who can see your social profile. This is especially critical on Facebook where we tend to post our most personal information; our social, political, and work associations; and even our current location. Fortunately, most social platforms offer levels of access in their settings.
- Be careful who you friend. Don’t “friend” or “follow” social media accounts unless you are sure they are legitimate.
- Protect your family and friends. Whenever possible, keep your friend lists private.
- Avoid free online games, quizzes, puzzles, and surveys. Yes, it might be fun, but more often than not, you will be giving the creator of that quiz access to your data. If you’ve played these online activities in the past, check your social media settings to see what apps and websites have access to your data and kick them out if they don’t belong!
- Don’t install apps on mobile devices unless absolutely necessary. Always make sure apps come from legitimate companies before installing and occasionally check your device settings to see what apps have access to what data.
- Use discretion before opening private messages. Even if a recognized friend sends you a message, his or her account could have been hacked and it is someone’s attempt at gaining access to your account.
Hopefully these tips will help secure your social media platforms from the prying eyes of the wrong people. Look out for the next installment in this two-part series where we will get more in-depth with how social engineering is used to manipulate society and what you can do to help stop the spread of misinformation and social manipulation. If you’d like to discuss this further, connect with us via the form below!