Tips & Advice

Steer clear of social media quizzes

Christopher Budd 8 Sep 2021

The data-scraping “fun” can lead to identity theft and phishing scams

Which Hogwarts house best suits you?
Who do you most resemble in the Marvel Cinematic Universe?
What is your fancy-shmancy royal name?
Where are you most likely to find true love?

These questions and SO many others like it pour into social media news feeds daily. To get the answer, you often have to respond to a few seemingly random personal questions that have been set up like a fun quiz. The topics are typically light-hearted (“What kind of poodle are you?”) or based in pop culture (“Which Disney Princess are you?”) They’re meant to seem so light and fluffy that anyone looking for a boredom-killer might be amused by them. And that’s the point.

The creators of these quizzes want them to appear meaningless and harmless. They want everyone to engage whimsically with them. Because in truth, many are phishing attempts at your personal data. And even those that are not can be dangerous because bad actors are always scraping social media sites for data. Data scraping is when someone pulls publicly-available information and builds profiles out of it.

The questions in these quizzes are all meant to tease out as much personal data as they can possibly get from you, including hints to your passwords and identity verifications, such as “What was the name of your first pet?” or “What street did you grow up on?” At the end of the string of questions, you will get a made-up answer, such as “You belong in Gryffindor!” At the end of the same string of questions, the data scrapers will have enough to start building (or adding to) a profile of all your information.

Some of these data mining ruses appear as multi-question quizzes, but others can be a single question, such as, “What was Best Picture the year you were born?” or “What song was #1 the week you were born?” The questions are social-engineered to get you to think, “Oh, that would be interesting to learn, let me find out.” Then you look it up, you add your answer to the post, and forget about it. Meanwhile, the data scrapers now have the year, maybe even the week, you were born. And they add it to their growing profile of you.

It’s not enough to steer clear of those quizzes yourself – spread the word and remind your loved ones as well. The elderly and the very young are particularly susceptible to this kind of social engineering, and they should be forewarned. It does not take too much data before a cybercriminal finds an angle of attack on a victim. Their end goal is to have enough information to launch a phishing scam or, even more immediately devastating, identity theft.

Social media is meant to be fun – and it can be – but we have to remember everybody is on the platform with different intentions. Some are looking for distraction, some are looking for a laugh, and some are looking to scam. Keep this in mind and avoid that silly quiz the next time it turns up in your news feed. You can belong to any Hogwarts house you darn well like.

Also, stay safe on Facebook by following my other advice – enable two-factor authentication (2FA) so nobody can hack into your account and download your Facebook data so you always have a copy should your account ever get hijacked or go down.