Viral Facebook memes might seem fun to engage with at first glance, but there’s often a more sinister intention behind them.

When it comes to digital security, in our experience, we find that technology isn’t usually the problem – it’s user ignorance. We apologize if that comes off a little blunt, but this is an important issue we need to talk about and hopefully, by the end of this article, you’ll see why.

You Haven’t Been Hacked, You’ve Been Duped

Often when a company is ‘hacked’, there’s no hacking involved. Most of the big hacks you’ve heard of in recent years (the 2020 Twitter Bitcoin hack, for example) are actually down to something called social engineering. This is, simply, when someone gets duped into giving away confidential or personal information that they should be keeping close to their chest.

Phishing scams have been around for years. You know that Amazon email you receive that clearly isn’t from Amazon? It might not have fooled you, but if 100,000 people receive something like it, one or two of them are bound to fall for it. It’s a numbers game, after all.

Beware of Facebook Memes

One thing I keep seeing in my Facebook feeds is posts like this …

… and this.

They may seem innocent enough, but look a little closer and you’ll realize that these memes are simply trying to get you to post a response that includes commonly used password reminder hints.

More recently, I’ve noticed these memes get a bit more creative.

It might be that you respond to a post like this one …

So where’s the harm here? 

Facebook’s algorithm always feeds you more of what you want. So if you respond to one of these ‘hook’ posts, you’ll see more and more in your feed, and eventually, one will be from a page that’s sneakily trying to phish some personal information out of you.

As much as we hate to admit it, too many people are still using the same passwords across all their accounts. Eventually, if a hacker or scammer gains access to your email, then they’re home free. They can simply do a password reset on any of your other accounts (such as social media, banking, work systems) linked to your email address. 

Achieving SOC 2 Compliance is About Education

At 14 Oranges, we are in the process of achieving SOC 2 compliance for a customer deployment. Even though there is a technical aspect of achieving some form of compliance, the majority of the work is not technical at all. It’s all about the process, change management, education, and the controls you have in place. 

Think of it this way: You could have NSA or CIA-type security in place, but if one of your employees leaves their key card in an unlocked car outside your office, someone can get their key card and ID badge, and just walk into the building.

The next time you feel the urge to comment on one of these viral memes with a nugget of personal information, stop, think and reassess. You could be giving someone the keys to your digital self. If you still want to play along with posts like this, answer them in your head, or on a piece of paper … and keep it to yourself. 

About the author: Sylvain Marcotte is CEO and President of 14 Oranges.

Stop Giving Your Password Hints Away