We know, we know…they’re soooo tempting, and fun! But there are some very real hidden dangers of online tests, quizzes & surveys that you should know about before you click.
The very fact that online quizzes are so popular is what makes them risky. They have unfortunately become ideal tools for cybercriminals who are happy to capitalize on their popularity for their own malicious purposes. Facebook and other social media sites are filled with them, making it tricky to know which ones are safe and which ones aren't.
In other words...this is why we can't have nice things!
While they should be a fun way to maybe learn something, kill time or share some interesting content, the danger lies in the answers you provide and the clicks you make.
Your responses could be giving away more than just your personality type
By nature, quizzes, IQ tests and personality tests – even if they are silly or tongue-in-cheek – are designed to get you to provide personal information and/or click on malicious links.
We intuitively know that it's based on personal information, so to some degree, you let your guard down when take one of these quizzes…after all, you want a good, shareworthy result, right?
The problem is that without realizing it, you could inadvertently be providing personal information that can lead to identity theft. (You also may allow a hacker to access personal details in your profile, or accidentally click on a malicious site and end up with a computer virus.)
Consider this: the posts or quizzes that ask the name of your favorite teacher, your childhood best friend, where you were born, the name of your first pet…those are the very same questions that legitimate sites ask when you establish an online account.
By answering these questions, you could actually be giving out the answers to your security questions.
These scams don’t always come in the form of a standard quiz or survey either.
Take the “10 Concerts I’ve Been to” post challenge that appeared on Facebook earlier this year. The object here is to make a list of 10 concerts – 9 of which you’ve been to, one that you haven’t.
The challenge to your network is to call out the one that you didn’t really go to, proving how well they know you.
It may seem innocent on the surface, but one of the top security questions for many sites is “What’s the first concert you ever attended?” By participating in and sharing this post, you’ve provided the answer.
Taken alone, these may still seem like non-issues. But when you consider how this detail could be added to an ongoing profile that has been built over time and from various sources, it is clear how it can lead to identity theft.
Bad Links and Too Much Access
You may also be prompted to click on links based on the answers you provide, and those links could be part of a larger phishing campaign designed to steal your information or download malware onto your computer network. Using the information you've provided, these tools are smartly designed to lead you to sites that the creators know - based on your answers - you will be hard-pressed to resist clicking on.
In some cases, the quiz will even ask you directly if it’s okay to access profile information such as your personal details, photos or even your friends’ information. Too often, users will simply hit “Allow” without really thinking about what that really means or the consequences.
How to Avoid the Risks
The best way is the simplest way - just avoid taking them. While not all of them are scams (in fact many of them really are harmless), identifying the scams ones can be difficult.
But if you’re not willing to go cold turkey, there are things you can do to better protect yourself. These include:
Know the risks and stay alert. It pays to be skeptical and take time to review a quiz that shows up in your feed before you decide to click on it. Pay close attention to the source…if you don’t trust it, it’s better (and safer) to pass.
Keep your privacy settings high:
It’s a good idea to periodically review your privacy settings for Facebook and other social media sites. Best practice is to set “who can see my stuff” to Friends (not friends of friends) or even to "Only Me".
Limit the personal details that you share:
Less is more when it comes to any social media profile.
By including details about where you went to school (What was your school mascot is another popular security question…a quick internet search will reveal that answer if a hacker knows where you went to school), your birthdate, and where you grew up you are providing information that can be used to complete your online profile for an identify thief targeting you.
Check the links before you click:
One quick tip is to hover over the link, and review the URL that gets displayed. Does it match the site you think you're on? Are there any obvious mispellings contained? If so, To learn more about how to check a link without clicking on it, check out this article.
You should also stay away from any quiz that:
- Asks for a credit card number in order to obtain your results (or for ANY reason)
- Promises something for free that would normally cost money
- Promises something “sensational”, “explosive” or “shocking” at the end of the quiz – this is pure clickbait and should be avoided
- Offers some type of reward for taking it
The Better Business Bureau has previously warned about the dangerous of Facebook IQ Tests in particular, and they also have some good information on what to look for and how to report a scam quiz if you come across one.
A Cautious Approach is the Best Approach
Whether it’s a quiz, an email with an attachment, an offer of a great deal, or a simple Friend Request, it pays to question everything in cyberspace these days.
Social engineering tactics have increased in sophistication, and basically anyone with an email address is being targeted by one scam or another.
The cyber-threats facing every computer user and every business network are only going to get worse in 2018, making it critical that end-user education is a core part of every company’s ongoing risk management strategy.
To help, we've put together a cybersecurity resource center that includes downloads of resource guides, infographics and other articles that can support your efforts to raise the cyber-awareness of your team. Use the button below to visit this information-based center and take advantage of a host of free, helpful resources.