Falling for social media hoaxes shows a bigger need for better online awareness, according to Ben Yelin from the University of Maryland Center for Health and Homeland Security.
Yelin spoke on the CyberWire's Hacking Humans podcast about why people still believe Facebook posts that say you can stop Facebook from using your information by copying and pasting a message into your post.
"In the past, I've also seen people I went to law school with or people who really should know better," he said. "To think that by copying and pasting something onto your Facebook profile, your Instagram profile, that you're granting yourself any sort of legal rights is just hilariously preposterous.... You would think that the people who are posting this would have come into contact with this in the past and would realize that it was a scam."
Yelin also said that the fact that smart people still fall for such a well-known hoax shows that there is a bigger issue than just annoying people on social media.
"To make a broader point, the fact that people can't see the warning signs that this is a fake post is kind of deeply concerning to me," he explained. "Especially when you have things like ransomware attacks, they come from posts that look an awful lot like this, from disreputable email addresses, a lot of capitalization, changes on fonts, you know, scary-sounding warnings about an action that must be taken. And if people are falling for something so obvious like this, what's to stop, you know, somebody who works for a city government, for example, from clicking on an email and bringing down an entire city's digital infrastructure?"
He emphasized that everyone needs to get better at checking the information they see online. This hoax, in particular, is easy to prove wrong if people would just get into the habit of checking facts before acting on them.
"If you have any doubts as to whether some social media warning is true, first of all, it's almost certainly not true," he said. "Second of all, paste it into a Google search. You can immediately see that this has been a long-running consistent Internet hoax that has been debunked by reputable news organizations. Think before you post, I think, is the advice summed down into three words. And just have a better BS detector. It's just incumbent on all of us to be able to identify BS like this."
Everyone can be tricked by social engineering, and you can't know how vulnerable your organization is unless you test your employees. Modern security training can help identify your organization's weak points and make employees better at resisting these types of scams.