There’s never been a better time to be a quiz on the Internet. Back in the early days, people at work with too much time on their hands had to be content passing along chain e-mails, which were a left-over from the snail-mail version of chain letters. Eventually, people caught onto the fact that forwarding that e-mail to everyone in your contact list wasn’t really funny and was actually pretty annoying, so we made the shift to online quizzes that really for real tell us so much about our personalities. If you haven’t picked up where we’re going with this, we’ll spell it out for you. Online quizzes are often just as annoying as those chain e-mails, but they’ve got a bigger downside – they’re potentially more dangerous to your security efforts.
We’re thinking about quizzes because of the recent Washington Post quiz that claimed to be able to divine some rough demographic information based on the apps you have on your phone. The math behind it is a little interesting (visit the post if you want to learn more or take the quiz yourself) but what’s most important to us is how fast this survey made its way around our social networks.
This quiz spread fast because it has an obvious hook – did it get it right? Are you actually a female under the age of 32 who makes more than $52,000 a year? The results come in the form of simple demographic information that comes down to one of two binary choices. From a content standpoint, it’s compelling enough to pass along – and that’s where we have to start paying attention from a security standpoint.
We’re not particularly worried about this quiz because the Washington Post is a pretty reputable source, but what about the other quizzes that show up on your Facebook feed?
Quizzes and other viral content go viral based on the strength of the headline and image, not the reputation of the source. It’s why click-bait works so well. Tap into the lizard part of your audience’s brain, get them to use their mouse fingers, and whisk them away from their trusted social sites and to pretty much whatever corner of the Internet you want.
Content like quizzes is particularly dangerous because it seems to have a legitimate reason to ask for your information. How are they going to tell you your Wu-Tang Clan name if they don’t get your mother’s maiden name? How can a site judge your “real age” from your photos unless you turn over your Facebook log-in credentials?
Social sites like Facebook and Twitter mean it’s easier than ever to find an audience for your quiz or other highly “shareable” content. Opportunistic hackers are taking advantage of those platforms to trick users into handing over their information – and a lot of those users might be working for your company.
The same tricks that get people to turn over personal information to answer a quiz work when it comes to “phishing” attacks – hacks designed to appear as trusted sources and trick your employees into handing over information that might compromise your company’s safety. Phishing attacks have the potential to undermine the rest of your company’s security measures, regardless of how effective (or expensive) they normally are.
How do you avoid having your employees fall victim to phishing attacks? The same way we put a stop to those chain e-mails – you have to teach them to stop. Symplexity now offers PhishNet, a comprehensive testing and training program designed to identify which employees may be particularly vulnerable to phishing attacks and help your entire company know what warning signs to look out for.
To learn more about how Symplexity can help, contact us today.