Have you ever taken one of those surveys online? One of those "Get to Know You" or "All About Me" surveys? I bet you said yes, but I avoid these things like the plague. Do you know why? Because there are a lot of questions that ask for sensitive information contained in these surveys that you should probably avoid telling people.
What do people need to know to get into your online email account? Username and Password right? Everyone knows your email address right? The password? No, only you know the password and you are not going to give out that information to anyone right? Of course not! If you seen a question on an online survey that asked, "What is the password to your email account" you are certainty not going to give that information out.
BUT when taking these online surveys, hackers can get information out of you that is just as sensitive as your password. "What? No, that's stupid. No way!" Think again....
Okay lets say your email address is slinkyman34521@email.com. There I have your email address, but I need your password. How do I get it? Simple. I manipulate a online survey to get the information I need to get into your account. Let us say we both have facebook profiles and we are both friends, but I want to get into your email account to get sensitive information. I create the following survey:
1. What time did you get up this morning?
2. How do you like your steak?
3. What was the last film you saw at the cinema?
4. What is your favorite TV show?
etc...
But here is the thing, inside this survey of say 50 questions. I have planted the following questions tee hee....
5. What city do you live in and do you like living there?
24. Who was your first grade teacher?
26. Where were you born?
27. Where were your parents born?
33. What was the make/model of your first car?
37. What your name would be if you took your mother's last name instead of dads?
44. Do you know when/where you were conceived?
45. What is your dob?
49. Who do you want most to respond to this survey?
"So what? Big deal those are stupid questions and you didn't even ask for my password." Ah, but you see I have asked for all the information I need to RESET your password and get into your email account.
On a side note if you see these trick questions, in order, on a survey and that's all you were asked about, then you would probably be suspicious and not answer the survey. Remember I am your friend, I took the survey, and the trick questions would be imbeded randomly somewhere inside those fun get-to-know-you questions.
Let's look at an important question that I would answer before posting my survey questions:
On all the questions I would answer truthfully, but on questions 49: Who do you want most to respond to this survey? I would put something like, "My friend Slinky Man, he has lived an interesting life." I only want him to respond to this, but if I get other peoples results then hey more fun in other peoples inboxes.
When and if Slinky Man responds to my survey I will have all the information I need to get into his online email account. Check out the questions I gave him again and I will tell you what a hacker would do with them:
5. What city do you live in and do you like living there? "I have the city, meaning I have the country and zip code where this person lives (necessary for resetting some online email site account passwords)."
24. Who was your first grade teacher? "A common question asked by online email hosts to reset passwords"
26. Where were you born? "This question is just here to get you to answer the next question."
27. Where were your parents born? "Another common question asked by online email hosts to reset passwords"
33. What was the make/model of your first car? "Yet another common question asked by online email hosts to reset passwords"
37. What your name would be if you took your mothers lastname instead of dads? "OH never answer this one, because your mothers maiden name is a common answer to access banks and credit card company files. Anyway, this is also another common question asked by online email accounts to reset passwords"
44. Do you know when/where you were conceived? "Just here for fun, it's a shocking question so you will be more comfortable answering the next question"
45. What is your DOB? "Most people already know this, but most sites require this to reset passwords."
Now do you know the inherit dangers of innocent looking online surveys? If you really think about it and test it, some online email providers only require your username > press forgot password > insert country (easy) > zip code (also easy to get) > DOB > Answer a secret question > Reset password.
So in all actuality, the only thing that you really need is the answer to the secret question which is given if you insert all the other information. Just grab an online survey of 50 questions and insert that one question into the middle of the survey and DAG you're in!
Think again before answering these survey questions, because a cleaver social engineer may be looking for some information from you.
Good Luck and Stay Safe!
No comments:
Post a Comment