A Day In The Life Of…Oversharing

Whether casually checking social media or performing your nightly doom-scrolling ritual, you’ll come across TikToks or Instagram Reels with titles like “A Day In The Life Of” showcasing random corporate tech employees. They usually begin with their morning meetings, the number of emails they have to answer, their catered lunch of the day, and the count of free oat milk lattes consumed before 3 PM. Some of these videos have even gone semi-viral, partly because saying you work at Google or Meta can be pretty cool.

Until it’s not.

Cybersecurity organizations spend hundreds of thousands trying to secure their company assets and can still be taken down by a classic spear phishing campaign. It’s a tragedy really, but as a person in that profession, it’s almost comical because 99% of the time, these videos are perceived as harmless. You gotta laugh to keep from crying.

If you don’t already know, phishing is a method of tricking users into revealing personal information that can be used illicitly. Remember the Nigerian Prince email scam? That’s a type of phishing campaign. Spear phishing is like that, but it’s very specific and usually requires a ton of reconnaissance. However, now that TikTok and IG Reels have blown up these types of videos, the recon isn’t so bad.

Let me use a TikTok video as an example. The title was “A Day In the Life of a @ Meta.” I’m not going to link it due to privacy concerns, as I’m not a fan of sharing personal information unless it’s someone closely affiliated with Schmett Smavanaugh or Schclarence Schthomas. For legal purposes, that was a joke. Don’t do anything stupid.

Right off the bat, they’re telling me the company they work for, their job title, and their office location. While the location isn’t explicitly shared, the video alone shows major landmarks. They also provide their identity in the video, which can then be searched on other social media platforms to find their other accounts, including their Venmo handle. By doing so, I was able to learn several things:

  • Locations they’ve traveled to or plan to travel to
  • Their relationship status
  • Favorite activities

Now, a regular person may say, “So what?”

To a hacker, that’s enough to create a phishing campaign targeting that creator, their bosses, and even their loved ones. Spear phishing campaigns have become so much easier to curate due to the amount of information these little snippets contain.

I can even extend this knowledge and say that now that this video is out in the open, it is completely possible to find weaknesses within their office’s physical security to steal their data. For all intents and purposes, this is all educational. Don’t go hunting down this person, and don’t bother trying to figure out their badge’s frequencies.

My point is, cybersecurity professionals like myself die a little bit on the inside every time we have to lock down employee accounts or rotate company passwords because someone decided to be cool and post their source code on a reel. It’s annoying and takes up a lot of resources and time to clean up a mess that could’ve been avoided in the first place. Security awareness inside and outside of work is an easy step to protect yourself. You don’t want to be the person people make fun of for falling for that phishing email.

The solution? Don’t be careless for the sake of internet clout. Sharing what you ate during the day is fine. Sharing your quad chocolate mocha hazelnut coconut milk latte is also fine. If you’re going to take a video, how about showing your keyboard instead? Type “qwerty” and laugh. If all else fails, I’ll see you at next week’s emergency phishing training.
