On Nov. 18, 2019, WTMJ, a television news station in Milwaukee, Wisconsin, reported that, “Facebook quizzes help identity thieves learn personal information, increasing people’s risk of being scammed.”
The story has reemerged periodically since December 2017, when Sutton police in Massachusetts first issued the warning. At that time, ABC News picked up the story and published an article with the warning on Dec. 20, 2017.
The story has been rehashed numerous times since it was originally posted in 2017. Prevention, a health and lifestyle magazine, for example, published a story on Dec. 26, 2018, warning:
“A nugget of information in isolation may not seem like a big deal, but combining that with other data that may be out there can result in a greater threat,” [Rachel Rothman, Chief Technologist for the Good Housekeeping Institute] said. “Be mindful of photos or posts that could give away information about your location or self (like your birthday) and consider if you are posting something that could be used to locate you offline or make it easier for someone to figure out any of your passwords.”
Rothman also recommends using “fake” information when filling out password recovery prompts (like your mother’s maiden name or the name of your first teacher) that isn’t trackable to you in any way.
But above all, it’s important to remember that everything you post on social media is public, no matter how secure your settings are.
In many cases, the warnings caution that making personal information public, as many of these quizzes do, could provide potential scammers with key bits of personal data that can enable them to hack into accounts. The Better Business Bureau also cautions:
Social media quizzes — especially popular on Facebook — seem innocent enough. But taking the quiz might mean you are giving away more about yourself than you originally thought, and may extend to your Friends, as well.
These quizzes ask seemingly silly or useless questions, but hackers can use that information to penetrate your social accounts and gain access to your personal information or the information of your friends and family.
Some quizzes are designed to steal your data in an outright scam. According to Khristian Ibarrola, of Inquirer.net “Once answered, hackers can easily hijack personal accounts and use them to lure in more victims.” The hackers will include links embedded in the quiz that can cause a security breach of your personal accounts.
But the latest news shows that it isn’t just scammers who are interested in your quiz answers. It turns out, your personal information is big business.
“We always knew someone was trying to trick us with social media quizzes, because they are free” says BBB’s chief security officer Bill Fanelli, CISSP. “If there is no charge, then the value is the data they can collect. We also knew that it was for a use we probably would not like, because they went to such great lengths to hide their purpose. Now we know we were right on both counts.”
Perhaps the best-known case in which a Facebook quiz ended not only with personal data being stolen but also claims that that data could have been used to influence an election involved Cambridge Analytica. The personal information from millions of Facebook users who took a personality quiz was stolen in the lead-up to the 2016 presidential election.