Online quizzes and surveys that appear to be innocuous personality tests can be more revealing than you think — exposing personal information, potentially leaving you open to fraud.
Quizzes in particular tend to ask personal questions, such as: “What is your favorite breed of dog?” or “What was your favorite band in high school?” — the same kinds of prompts you’re often shown to gain access to private accounts, like your bank account, using multifactor authentication.
Building a puzzle
Sometimes, bad actors behind these quizzes collect snippets of information you share online and use it to put together a fuller picture of your identity.
“Someone is putting together a puzzle of you,” said Amy Nofziger, director of fraud victim support at AARP. “Not every one of those quizzes has a nefarious reason behind it, but we’re not in a place when we’re filling them out to decide if our personal information is going to be hacked. So let’s just not do them.”
In other words, when you answer a security question to access your bank account, such as “What’s your favorite ice cream?” often the answer is one you’ve already divulged in a quiz. A scammer who has captured this information can use it to impersonate you.
“Someone might already have answered all of those questions for fun in one of these social media quizzes,” Nofziger said.
Indeed, the model of your first car and the name of the high school you attended are common answers to both online quizzes and account security questionnaires.
The Federal Trade Commission recently warned that “the more information you share, the more you risk it being misused.”
“They use your quiz answers to try and reset your accounts, letting them steal your bank and other account information,” the agency wrote in a blog post warning consumers about the potential dangers of online quizzes.
A good time to lie
A scammer may already know your date of birth and address, and may only need to know the name of your first pet to access one of your online accounts. By taking a quiz, you could be providing them with the remaining piece of information they need to steal your identity.
When an account does require that you answer security questions such was, “What is your mother’s maiden name,” don’t answer them truthfully, the FTC advises.
“Treat them like additional passwords and use random answers, preferably long ones,” the agency said. Use a password manager to store and retrieve them when prompted.
In 2021, more than 95,000 people reported roughly $770 million in losses to fraud taking place on social media platforms in 2021, according to the FTC.
“We know there are criminals on social media looking for people to provide personal information,” AARP’s Nofziger said.