Do those questions seem familiar?
They should. You see them all the time in the Facebook questionnaires that pop up in your newsfeed.
They’re also the same security questions financial institutions use to verify your identity.
Oops.
Facebook quizzes feed on our desire for social connection — especially during a pandemic.
We humans are social creatures. We need to feel like we belong. Facebook and other social media platforms give us a way to do that — especially for introverts like myself, and especially during a pandemic. So, to escape boredom and foster connection, we answer those questionnaires We need people to see us.
Sometimes, though we reveal too much
There are two primary types of Facebook quizzes that put our data at risk. Let’s look at each of them.
“Let’s get to know each other” Facebook questionnaires
You know what these are. I see them all the time in my feed. They’re all seemingly innocuous, in the vein of “let your friends get to know you better.”
So you answer questions like the ones above and tag your friends, who then answer the same questions and tag their friends — ad infinitum.
The case of the low-hanging fruit
Not all Facebook questionnaires are created by social engineers, but they still make you vulnerable to lurkers trolling for low-hanging fruit. And that’s exactly what you become when you provide the internet with the answers to common security questions, especially if your Facebook profile is set to “public”.
Once you see it, you can’t unsee it. And you can’t undo it, because your Facebook quiz answers have probably already been downloaded or screen captured by somebody.
That’s when when you realize you would be very, very wise to run away from Facebook questionnaires like you were being chased by a hungry zombie.
What can data miners do with this information?
Plenty!
- Whether it’s a lurker or a social engineer trying to guess your passwords and/or steal your login information, it’s not even that hard. Think about this: One in six people use their pet’s name as their password. So if you’ve revealed your pet’s name in one of those questionnaires, that’s the first thing hackers are going to try.
“Bella” is the most common name in the U.S. for both cats and dogs.
Naked Security
- If they can’t guess your password, they can attempt to reset it by using your Facebook quiz answers to get past your security questions. Once they do that, they can go on to steal your identity or open accounts in your name.
- If they can’t get the job done the first time, they can combine your answers with your friends’ answers to find more clues.
- If that doesn’t work, they’ll store your information in a database and add to it the next time you answer one a questionnaire.
The more quizzes you answer, the more you feed the data-mining trolls.
And if you think you’re safe because nobody has time to do all of that, guess again: Most of it is automated.
Facebook quiz apps
Facebook quiz apps kick things up a notch. For one thing, they’re surprisingly irresistible. (Who doesn’t want to know which Disney princess they are or which state they should live in? ) They’re also quite sophisticated, because the social engineers who develop them are very, very good.
-Social engineering is the manipulation of people into performing actions or divulging confidential information
Tech Republic
That’s why, before they let you answer the questions that will reveal your celebrity soulmate, you have to consent to a of Terms of Service agreement in which you give the developer access to some pretty important stuff:
- All of the information in your profile: Name, age, sex, hometown, etc.
- Everything you’ve ever posted, including pictures (Remember the quiz that revealed your most-used word from the previous year? This is how they do it.)
- Your employer and current state of residence
- Every post you’ve ever liked
- Your IP address
- The name and version of the browser you’re using
- Your entire friends list (Have you ever thought about asking before sharing? I haven’t — until now, anyway.)
- Your first-born child
- Permission to share all of your information with the NSA
OK, those last two are fake, but they came from a real study designed to find out how much time people spend reading those agreements before clicking “I consent.” Unsurprisingly, the results were scary: Nobody reads them. But we knew that anyway, right?
In addition, these third-party Facebook quiz apps pose a danger above and beyond just getting clues to your password or security questions: They download code that lets them continue operating in the background, continuing to data mine long after you’ve forgotten you ever took that quiz.
Why do so many of us fall for these social engineering tactics?
Because most of us aren’t constantly on the lookout for somebody trying to scam us. Mainly, though, it all goes back to one simple concept:
We crave social connection.
And Facebook quizzes provide that. But here’s another simple concept, one much older than social media: Follow the money.
Nothing is free. If you’re not paying for the product, you are the product.
Nobody is creating these Facebook quiz apps for just to make social media a happier place. So it’s time to face reality:
You’re gonna to have to break your addiction to Facebook quizzes and questionnaires.
Thanks to coronavirus, many of us have been bored sick for the last year and a half. And it’s not looking like it’s going to get better any time soon.
But please skip these quizzes in favor of watching another episode of Plathville or 90 Day Fiance…you know, the kind of show that can actually make you feel like you’re living your best life instead of feeling like you’re falling behind because of how many bucket list items your Facebook friends have checked off!
Leave a Reply