Three questions to ask yourself before you post on social media

BY KERRY TOMLINSON, AMPERE NEWS

Are you oversharing? Giving away too much about yourself on social media?

Here are three questions to ask yourself about your posts from a social engineering expert.

Social engineering is when someone manipulates you into doing something that usually benefits them and not you. Social engineers use social media to find clues that they can use to attack people and trick them into giving away money, passwords, and more.

Watch here:

Path of a stalker

How do you know if you're sharing too much on social media? Social engineering expert Jenny Radcliffe gives us three questions to ask yourself before you post.

But first, here's why she says these questions are important.

Her story starts with a beauty blogger on Instagram with hundreds of thousands of followers. The influencer was careful with her pictures, not giving away clues about things like her address or what the outside of her house looks like, Radcliffe said. But there was a problem.

"She had what we call a fixated individual. A stalker," Radcliffe said in an interview with Ampere News in London, England. "We couldn't work out at first, because she was careful with her own accounts, how he was identifying all her movements."

The blogger hired Radcliffe to uncover things like what the stalker was doing and how.

As a professional social engineer, Radcliffe often tests people and organizations to find their weak points so they can fix them before a criminal social engineer attacks.

Small clues add up

One of the keys with this case, Radcliffe said, was the beauty blogger's little dog who had his own Instagram account with 50,000 followers.

"When you show the little pictures of the little guy on the walks with the little bow tie and everything, you'd see the shops and everything," she said. "Because in the background of the dog's pictures was identifying landmarks."

That alone was not enough. But Radcliffe followed the stalker's digital path.

the big giveaway

The next step was a fitness app that the blogger used where you publish your jogging route and time so people know how long it can take to do the run.

"You can narrow down the area because we can see shops and we kind of know roughly where she is," Radcliffe explained. "We can narrow down the area, then we go on the fitness app and look at common jogging routes in that area."

People who used the app could post their routes under an online name. But the handle that the blogger used matched the name of the Spotify music playlist for her little dog's Instagram account.

Now the stalker knows where she goes and when.

"At that point, we can pinpoint exactly where she is. Every morning," Radcliffe said. "And then it's like, 'Okay, at 8:30 every morning, you'll pass by that shop with that dog.' Yeah, the stalker had found that out as well."

3 Questions

The blogger and her little dog are fine now, Radcliffe said. And most of us are not influencers with massive followings. But Radcliffe has three questions you can ask yourself to stay safer on social media:

1. What could an attacker do with my post?

Put yourself in the place of the criminal and see how they could use it against you. For example, if you post about your nightly solo dog walks in a dark area, you are giving an attacker a regular place and time to find you alone.

"If someone meant me harm, let's put a different hat on and look at it that way through that lens and say, 'If someone meant me harm, what could they do with this?' And then go worst case. 'What's the worst case?'" she said.

"And then if you choose then to share, then you choose to share. But as long as it's an informed choice, that's really the way to go," she added.

2. What am I showing in the image?

Review whether your image reveals things that are more personal than you'd like or that could make you vulnerable, such as an address or phone number or other sensitive information. A classic example is the picture that shows your computer behind you --- with a sticky note with your password on it.

"What's in the background of that photograph? Who is in the background of that photograph? Does it locate me?" she asked.

You could post your location after you leave that location, she suggested.

3. Who needs to see it?

Consider privacy settings on your accounts, Radcliffe advised.

"You can say, 'Friends and family only.' Private accounts on something like Instagram, for example. And then what that means is those are the people that see it. You default to that," she said. "So, unless you need everyone — the whole world — to see it, maybe we should restrict it."

More than Stalkers

It's not just about stalking. Social engineers use clues on social media to figure out things like where we work, what we like and don't like, and if we're short on cash. That way they can send us attack messages tailored to us to steal our money and passwords and/or to break into our company accounts.

If you post about needing money, an attacker knows to send you a message about a fake money-making scheme or a deep discount coupon for a store you like.

If someone in a message or email claims to know you, they may have simply harvested your details from your Facebook, Instagram, or LinkedIn, among others.

We all have to set our own boundaries when it comes to social media. But in many cases, less personal information about you may be better.

"Post away. But be careful," Radcliffe recommended. "In the same way that I don't want to have a double chin, or I don't want my hair to look bad, just do that check in terms of what's in the background."

"If we pay as much attention to what's in the background and the content as you do in how great you look, then we'll probably get it right most of the time."