Social Engineering: The use of social media quizzes to steal sensitive information from users
Have you seen a Facebook account asking you questions like:
What bank are you using and why?
What is your date of birth so we can find a match for you…?
What is your favorite vacation location?
Which school did you attend as a child? So we can help you find your old school mates…
Better yet, “Post a picture of you smiling”…
The “fun” can lead to identity theft and phishing scams.
That’s Social Engineering at work.
These questions and many others like them pour into social media news feeds daily. To get the answer, you often have to respond to a few seemingly random personal questions that have been set up like a fun quiz. The topics are typically light-hearted, like “What is your pet’s name?” or “What is your mother’s name?” They’re meant to seem so light and fluffy that anyone looking for a boredom-killer might be amused by them. And that’s the point.
The creators of these quizzes want them to appear harmless. They want everyone to engage playfully with them, because in truth many are phishing attempts aimed at your personal data. And even those that are not can be dangerous, because bad actors are always scraping social media sites for data. Data scraping is when someone pulls publicly available information and builds profiles out of it.
The questions in these quizzes are all meant to tease out as much personal data as they can possibly get from you, including hints to your passwords and identity verifications, such as “What was the name of your first pet?” or “What street did you grow up on?” At the end of the string of questions, you will get a made-up answer, such as “You belong in Gryffindor!” At the end of the same string of questions, the data scrapers will have enough to start building (or adding to) a profile of all your information.
Some of these data mining ruses appear as multi-question quizzes, but others can be a single question, such as, “What is your zodiac sign?” The questions are social-engineered to get you to think, “Oh, that would be interesting to learn, let me find out.” Then you look it up, you add your answer to the post, and forget about it. Meanwhile, the data scrapers now have the year, maybe even the week, you were born. And they add it to their growing profile of you.
It’s not enough to steer clear of those quizzes yourself – spread the word and remind your loved ones as well. The elderly and the very young are particularly susceptible to this kind of social engineering, and they should be forewarned. It does not take much data before a cybercriminal finds an angle of attack on a victim. Their end goal is to have enough information to launch a phishing scam or, even more immediately devastating, identity theft.
Social media is meant to be fun – and it can be – but we have to remember everybody is on the platform with different intentions. Some are looking for distraction, some are looking for a laugh, and some are looking to scam. Keep this in mind and avoid that silly quiz the next time it turns up in your news feed. You can belong to any Hogwarts house you darn well like.
Also, stay safe on Facebook by enabling two-factor authentication (2FA) so nobody can hack into your account.