You know those ‘fun’ social media posts that put together a ‘name’ for you by combining your first pet’s name with your street name?
Or it might ask for your childhood best friend, or your first car..?
They’re not as innocent as they look, and should be avoided at all costs.
There are countless versions of these that have circulated as long as ‘chainmail’ and social platforms have existed, but they’re much more insidious than they are fun.
The reason that they’re dangerous is because the information it asks from you is actually quite sensitive, and actually can constitute your online passwords.
Cybersecurity expert and professor of computer science at Dalhousie University Nur Zincir-Heywood has some straightforward words of warning.
"Never do these,” she told CBC earlier this year. While one quiz might not reveal the information needed to verify your identity, this information might be gathered across multiple quizzes – and this could lead to access to your bank account.
"Maybe they are watching [your] social media in general, they know your location, they know other things about you," Zincir-Heywood said.
“All of these then put together is a way to collect your information and, in your name, maybe open another account or use your account to buy their own things. It can go really bad.”
Some cybercriminals might even go a step further, said 1Password’s Sarah Brown in a blog post in 2018.
“Some quizzes send you to a site where you add the information directly, or a game asks to connect to your social media account to access your data,” she wrote.
Not only do people think the quizzes are all fun and games, but people who take them often share it with their friends and encourage them to do it, too.
“Unfortunately, it’s no coincidence that a lot of the information they request is the same information used to answer the security questions websites ask when you set up an account.”
Police and security professionals have been aware of these ‘quizzes’ for years. In December 2017, a police department based in Massachusetts flagged the risks in a Facebook post.
“Please be aware of some of the posts you comment on,” the post states.
“The posts that ask what was your first grade teacher, who was your childhood best friend, your first car, the place you [were] born, your favourite place, your first pet, where did you go on your first flight, etc… Those are the same questions asked when setting up accounts as security questions,” the post states.
“You are giving out the answers to your security questions without realising it.”
Though many such meme posts and questionnaires are genuinely created for fun, some are created with the specific intention of obtaining data and opening lines of credit in other people’s name, police warned.
Consumer privacy platform IDX also warned about the quizzes, and how users can find themselves hacked in worst case scenarios.
“In a recent example, Ukrainian hackers lured over 60,000 Facebook users to take online quizzes that installed malicious extensions in their browsers. The data-scraping extensions then secretly sent those users’ profile information and friends lists to the hackers,” the platform warned in a 2019 blog post.
“In another case, a survey about concert attendance was used to gather answers to common security questions used for financial and other accounts.”
What you should do
The best form of protection is prevention: simply don’t engage in the posts to begin with.
But if you think you already have, try to go back and find and delete the post you commented on.
You can also revisit your privacy and security settings on the social media networks you have accounts on and tighten them.
Where you can, set up two-factor authentication. If you have a scam you need to report, let Scamwatch know.
Want to hear Australian influencers reveal their best finance tips? Join the Broke Millennials Club on Facebook, and receive one hot tip per day in December.