Ever since Prince Harry and Meghan Markle tied the knot last Saturday, my news feed has been flooded with Royal Wedding coverage, updates, opinion articles and quizzes. In fact, one of the quizzes I came across the other day was titled, “What’s Your Royal Guest Name?”
Seemingly innocent, this quiz provides you with “your new royal identity,” and has since swept the Internet. But, what makes this quiz so cleverly dangerous is that unbeknownst to those who are participating, their answers could help scammers get their hands on some sensitive data.
While it’s likely that you and your clients may not be taking quizzes like these (or maybe you are, I don’t judge), it’s yet another example of the power of social engineering and how easily people can be duped into divulging personal information. In this post, I’ll cover how this scam works and what you and your clients should look out for.
Your Royal Name
As I mentioned, the quiz provides you with a new royal identity in the following format:
Lord/Lady ________ ________ of ________
To fill in these blanks, all you need to do is provide one of your grandparents' names, the name of your first pet, followed by the name of the street you grew up on. This would end up looking a little something like this:
Lord/Lady [Grandparent's name] [first pet's name] of [street you grew up on]
Hmmm... where have we seen this type of information before?
The Royal Scam
If you’ve caught on, you’ll notice that this quiz combines the answers to three of the most commonly used security questions.
- What is the name of your favorite grandparent?
- What is the name of your first pet?
- What is the name of the street you grew up on?
By sharing your “royal name,” you’re giving away the answers to the questions you’d be asked in order to reset a password or login to a system through some alternative approach. Similarly, this information could be used to gain access to banking accounts, social media accounts, work email, etc. If cyber criminals get a hold of this information, they could use it to hack into these accounts as well as other systems.
Sometimes, human error can get the best of us. As an MSP, the best thing you can do is to remind your clients to always be wary. Be wary of potential phishing emails that may be asking for sensitive information. Be wary of the information you share, especially on a space as public as the Internet. And, if and when clients come across scams such as the one above, you can position yourself as a trusted advisor by encouraging them to reach out to you for advice and next steps.
These days, you can never be too careful when it comes to personal/sensitive information. Be sure to warn clients and end-users about making this information public, or it could cost them... royally.
Handpicked for you: