Published: July 14, 2022 on our newsletter Security Fraud News & Alerts Newsletter.
If you want your product to get any type of attention, you can bet that social media is a place to put it. You know that game Wordle that’s all the rage? You likely hadn’t heard about it until your friends started sharing their results on social media. And when you see one of those cute little quizzes that compares you to a Disney Villain, you might be giving up more than your latest Wordle score, should you decide to play that game.
That particularl Disney quiz is making another round on social media. Truth is, it never disappeared, but was merely hanging around in the background waiting to strike. You see, the problem isn’t with participating in the quizzes themselves, but with the information all of those social media quizzes collect. It might all seem harmless, but some of them get quite detailed and ask you to name which of your siblings is the nicest, what was your first car, or who’s your most adventurous uncle, for example. All of this information connects you to another person—especially if you tag them—or provides valuable information to a would-be hacker. Think about it. That uncle question just may give up your mother’s maiden name. Other valuable answers could be your favorites: colors, cars, foods, etc. All of that information is useful to an attacker, especially when they are spearphishing.
Remember that word? Spearphishing: Using specific details about the target to try to lure them into believing a link, attachment, or social engineering attempt is legitimate. Well, all of that information that you answer in those quizzes can be collected and used against you.
The best way to avoid this is not to answer the quizzes at all. If you just cannot resist, don’t share the answers on your feed, which really takes the fun out of the quizzes, but it’s really the best way to avoid having your information used against you or someone you know.
Financial institutions are particularly not fond of these types of quizzes. The Better Business Bureau (BBB) has warned of them stating that some of the answers are “common security questions for insurance, banking and credit card accounts. Social media data and quiz answers can be used to steal your identity or enable a scammer to impersonate you.” No one wants that...except the attackers, of course.
There are more tips from the BBB:
Always be skeptical. Just because something looks like fun, doesn’t mean you should participate. There may be significant risk.
Limit what information you share on social media. The less that is posted for all the world to see, the better.
Secure your accounts. Choose the strongest security settings you can and enable multi-factor authentication (MFA) when it’s available.
Be wary of friend requests. If you get a friend request from someone you don’t know, don’t accept it. These could be scammers. If you get multiple requests from someone you’re already friends with, send them a note first to make sure their account wasn’t duplicated by someone else. This happens often.
Keep your security question answers safe. If you choose to take one of those quizzes and you’re asked something that is a security question answer, don’t answer it truthfully. Don’t give away your sensitive data.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org