Once again this morning I was browsing Facebook with my morning coffee and giving the Tech Support Cat her morning attention (and treats) and I saw that a friend had commented on one of these “First …. “type posts (see image below) which had at the time of writing this 6,8 million comments and 159k shares.
Most of these comments were from people just happily typing in their answers, one connection had answered the post twice!
This is not the only post that I have seen that is trying to mine data! The other ones go along the lines of “I bet you can’t name a fish with the letter A in its name” and then lots of people go and fill in “Salmon”, “Haddock” etc.
The first type of post is designed to get your password reset questions, why go to the bother of hacking the password when you can “hack the human” to get their password reset questions, so you can just login and do the “I forgot my password” routine and enter the answers to your password reset questions.
The second type of post is used to help fill in “rainbow tables” which allows attackers with access to a list of “hashed” passwords.
As a rule, sensitive data gets encrypted via hashing the data to prevent theft. Rainbow table attacks succeed when the hackers match the hashes used to protect this data.
Once the attacker has a rainbow table in place using the correct hashing algorithm then they just need to point it at the password database and it’s open season.
What can I do to protect myself?
Number 1 – Stop filling in these “quizzes” on Social Media.
They are only data mining to either try to compromise your account or get you to help them fill in their rainbow tables.
Number 2 – If you are not using a password manager at the moment, get one.
There are several available, UndoIT use Bitwardenand recommend it to our clients, but other passwords managers are available, 1Password, Dashlane, and Keeper. You can import your currently saved passwords from your browser of choice, and the software will tell you how secure these are.
Number 3 – Use a different password for each service that you use.
Facebook, LinkedIn, Google, Microsoft, use a new, long complex random password generated by your password manager to ensure that if one password is breached or the database is leaked then only that product needs to have it’s password changed.
So many people are compromised because they reuse the same password across multiple platforms.
Number 4 – Use MFA where possible.
A strong password helps, but don’t feel just because you have a strong password that you are totally safe, yes, a decent password may take several million years to crack at the moment, but technology is always progressing.
Always pair it with some sort of Multi-Factor Authentication (MFA) often known as 2 Factor Authentication (2FA). This way if your account is compromised either via brute-forcing, rainbow tables or phishing the attacking party also require a second form of Authentication normally via your mobile phone using an application such as MS Authenticator, DUO Security, Google Authenticator etc.
Number 5 – Be careful where you put your mouse.
If you get an attachment from someone you are not expecting, do not open it. Contact the person who “sent” you the mail (not by clicking on reply) and ask if it is genuine. If you get an email or SMS from “Amazon”, “Netflix”, “DHL” etc saying there is a problem with your account or order information do not click on any links, always go to your browser and visit the site / your account pages manually.
Yes this all sounds a little bit scary, but it is very easy to integrate into your online life, if you would like help with any of the issues in this blog please do not hesitate to contact us.
English (UK) 
Svenska