That fun “all about you” quiz on Facebook might seem harmless, but it could actually be a serious cybersecurity risk. Quizzes, challenges, and questionnaires on Facebook (and indeed other social media sites) can trick you into giving away valuable personal information. Some are straight-up scams. How can you spot scam quizzes, and what should you do if you fill one out?
What Are Facebook Quizzes?
We’ve all been there: you’re scrolling through Facebook and run into a quiz promising to match you with a fictional character. It might ask you to fill out a long list of favorites to share with friends or advertise “accurate results” for your Hogwarts house, for instance.
While these quizzes might look fun at a glance, they can actually be a big security risk. The most suspicious types are the “challenges” that have you answer a long list of questions. For example, a challenge might ask for your pets’ names, your favorite color, the elementary school you attended, or your mother’s maiden name.
The Better Business Bureau issued a warning about these quizzes—and they have a good reason for it.
Cybersecurity Risks of Facebook Quizzes
There’s a big difference between many Facebook quizzes and harmless online tests. A safe, just-for-fun quiz might ask for favorites but doesn’t ask for your name or any personal information. In contrast, quizzes you answer through a Facebook post are tied to your identity.
Take a look at the types of questions Facebook quizzes and challenges ask. They want things like the names of your pets, children, and parents, which are frequently used as security question answers. So are names of schools, streets you lived on, or even info about vehicles you’ve owned.
If you answer one of these quizzes as a Facebook post or comment, you give anyone on the internet access to your security question answers alongside your name. Hackers and scammers can use that information to break into your online accounts, bank accounts, and credit card accounts. This data could even be used to open accounts in your name and commit fraud or identity theft.
These quizzes are a form of phishing, a malicious hacking strategy that tricks you into giving away private information. You might know about phishing from spam emails you get once in a while, but it can appear on social media, too.
What to Do if You’ve Taken Facebook Quizzes
It’s natural to be concerned if you realize you may have taken a malicious Facebook quiz. If this happens, don’t panic. You can take action to protect yourself and make sure others don’t fall for the same trap.
Analyze the Quiz
First, find the quiz or challenge you responded to. What format was the quiz in—a link or a post? Did you fill out multiple choice questions on another website or type in custom answers on a post?
If the quiz was multiple-choice questions on another website, such as BuzzFeed, you are probably not in any danger. It is difficult to give away any personal information in a multiple-choice quiz since the answers are already written. There are also a few tools you can use to check if the link was safe or not.
Try to remember if the quiz asked for your name, phone number, email, or any other personal contact information. This could be a sign that the quiz maker was trying to tie your answers to an identity.
Take Screenshots and Notes
If the quiz you took asked for personal information or had you submit custom replies in a post or comment, bookmark it and take screenshots. Write down the username of the person who originally posted the quiz, too, although this is probably fake.
Next, screenshot or write down your answers to the quiz. If possible, delete your quiz response from the post. In most cases, this won’t be possible, and the information might already have been gathered before you pressed “Submit”.
Report the Scam Quiz
Report the post to Facebook to warn the moderation team that the post could be a scam. Next, contact the Better Business Bureau using their Scam Tracker to report the incident. The BBB can investigate and warn other people about the risky quiz or challenge.
Contact your bank and credit card companies. Explain the situation so they can stay alert for potential unauthorized attempts to access your account. They can also provide guidance on securing your financial accounts, so the information from the quiz is useless to hackers.
You could warn your family and friends about the quiz, but don’t share it, in case someone clicks on it without reading your warning.
Finally, submit a report to the Federal Trade Commission to alert them to a potential identity theft risk. This will help protect you and others from identity theft if the quiz gave away sensitive information to a fraudster or scammer. If you have an identity protection service or insurance plan, contact those representatives, as well.
Change Your Security Question Answers
It might be a hassle, but it’s a good idea to go through all of your important accounts and change your security question answers. Use the list or screenshot of your answers from the quiz to guide your changes. Don’t reuse any answers you gave away on the quiz.
In most cases, you can choose another question. But if you’re struggling to find security question options that weren’t compromised by the quiz answers, you can even use fake answers. Just keep track of what you said.
Some websites or services may allow you to secure your account without using security questions. If this is an option, it is worth using. For example, instead of answering security questions to reset your password, you might be able to use one-time codes sent to your phone or email, i.e. two-factor authentication (2FA).
Staying Safe on Facebook
Facebook quizzes can be a serious cybersecurity risk, but you can take steps to protect your information. Before taking any quizzes on Facebook, take a close look at the questions. Stay away from quizzes that give you a bad feeling—always trust your gut.