Tuesday, March 29, 2016

How Not to Cold Call

Got this gem this morning...
"I'm trying to reach the person who manages [your company]'s SEM / Paid Search. I have several contacts on file but was hoping you could point me in the right direction so I can spare your colleagues' inboxes from similar emails in the future."
So... if I tell you who to specifically pester, you promise not to pester all my co-workers the way you're currently pestering me? What made me the lucky winner, or do you tell everyone they're getting your special attention?

Tuesday, March 01, 2016

You won't believe what these simple memes are capable of.

We were talking recently about why anyone would post something so silly - what's the point?

My wife had a theory - this is all about harvesting data about people.

When you interact with something on Facebook, you're sending signals. Signals about what you like, signals about what you're interested in, signals about what you're likely to interact with in the future.

In simplest terms, it might set you up to see more of these in the future.  Or then present them to your friends and friends of friends as things they might be interested in.

In more nefarious terms, it could...

...dictate the kind of content you see in "the people who liked this may also like"

...soften you up for later clicking "like" on things (which gives them even more access to information about you)

...lead you to places with fake "like"s and "share"s designed to install virii on your computer

And even...

...learn more about who you are for the purposes of identity theft or identity appropriation.  It is true that people can only learn as much about you as you allow through your Security Settings on Social Media, but that's far more than they'd know if they didn't know you existed.  They may not have enough about you to steal your identity, or you may not have anything they want to steal.  But, you may be the friend or relative of a larger target.  As you engage with things, people are scraping that information - and the graph of who you know and who your friends know and that can all lead to social engineering.

If you get an email or chat request from someone you don't know or a name you barely recognize, but you recognize other recipients as part of your small social circle or the relative of a friend, you're going to trust it more. They know details about people that you know, they know the kinds of things you engage in or are motivated by, they know how to talk in a language you understand.  Suddenly, that nephew's wife stuck in New York after a business trip because they got mugged is someone you're happy to wire money to.

So... harmless?  No.  Think carefully about anything you interact with.  And if it seems silly, skip it. Let someone else be the target.