Online quizzes, the fun time wasters where you and your friends learn interesting things about each other can come back to haunt you. While these quizzes predate social media and lived in email inboxes, making your answers to them public carries potential risk. Social media platforms such as Facebook, or blogs, or forums, allow the public at large to see your answers to these quizzes. So, what’s the big deal?
The big deal is the innocuous nature of both the questions and given answers. Whether by design or not, the questions posed by these quizzes can translate to security/secret questions for various online accounts such as email, social media, online banking, credit cards, financial investments, and health care to name a few. The answers you give in the quizzes could very well be the answers to your security questions. This would allow a malicious actor the opportunity to access your accounts by entering the answers you’ve given. Look at the following quiz, for example.
“Let’s take a break from life and learn about each other!!!
1. ARE YOU NAMED AFTER SOMEONE?
2. WHEN WAS THE LAST TIME YOU CRIED?
3. DO YOU LIKE YOUR HANDWRITING?
4. WHAT IS YOUR FAVORITE LUNCH MEAT?
5. DO YOU HAVE ANY KIDS?
6. DO YOU USE SARCASM?
7. DO YOU STILL HAVE YOUR TONSILS?
8. WOULD YOU BUNGEE JUMP?
9. WHAT IS YOUR FAVORITE CEREAL?
10. DO YOU UNTIE YOUR SHOES WHEN YOU TAKE THEM OFF?
11. WHAT IS YOUR FAVORITE ICE CREAM?
12. WHAT IS THE FIRST THING YOU NOTICE ABOUT PEOPLE?
13. RED OR PINK?
14. WHAT IS THE LEAST FAVORITE THING YOU LIKE ABOUT YOURSELF?
15. WHAT WAS THE LAST THING YOU ATE?
16. WHAT ARE YOU LISTENING TO RIGHT NOW?
17. IF YOU WERE A CRAYON WHAT COLOR WOULD YOU BE?
18. WHAT IS YOUR FAVORITE SCENT?
19. WHO WAS THE LAST PERSON YOU TALKED TO ON THE PHONE?
20. HAIR COLOR?
21. EYE COLOR?
22. DO YOU WEAR CONTACTS?
23. FAVORITE FOOD?
24. SCARY MOVIES OR HAPPY ENDINGS?
25. LAST MOVIE YOU WATCHED IN THE THEATER?
26. WHAT COLOR SHIRT ARE YOU WEARING?
27. SUMMER OR WINTER?
28. HUGS OR KISSES?
29. WHAT IS ON YOUR PHONE LOCK SCREEN?
30. WHAT DID YOU WATCH ON T.V. LAST NIGHT?
32. ROLLING STONES or BEATLES?
33. WHAT IS THE FARTHEST YOU HAVE TRAVELED?
34. DO YOU HAVE A SPECIAL TALENT?
35. WHERE WERE YOU BORN?
Your turn!!!! Copy and paste then change to your answers.”
Let’s take a look at one typical bad security/secret question: “What is your favorite food?”
In this quiz alone, questions 4, 9, 11, 15, and 23 are all questions dealing with food. #23 in particular is the security question “What is your favorite food?” The number of questions here pertaining to “What is your favorite food?” gives a malicious actor five attempts to answer your security/secret question.
What other risks are there, aside from security/secret questions being revealed? Here’s another quiz to look at.
“In honor of upcoming Mother’s Day: TELL US ALL ABOUT YOUR FIRST BORN
1. Did you have an epidural?
2. Was the father in the room?
3. Were you induced?
4. Did you find out the sex?
5. Due Date?
6. Did you deliver early or late?
7. Did you have morning sickness?
8. What did you crave?
9. How many pounds did you gain?
10. What was the sex of the baby?
11. Did you have complications?
12. Where did you give birth?
13. How many hours were you in labor?
14. How much did your baby weigh?
15. What did you name the baby?
16. How old is your baby today?
Come on mamas! Let’s hear your story!”
By answering the questions to this quiz, a bad actor can cobble together information for identity theft. What are some of the important questions?
#5. “Due date?” The answer to this question could reveal a close approximation to the actual delivery date.
#10. “What was the sex of the baby?” An answer to this question will obviously reveal if the baby is male or female.
#12. “Where did you give birth?” If the name of a hospital is provided and it’s location, this information will be important to someone wanting to further build an identity.
#15. “What did you name the baby?” An answer to this is also another important piece to creating an identity
#16. “How old is your baby today?” The answer to this question, with a little bit of math (Current year – Age of “Baby”) will provide the birth year.
So, the information we have is:
Date of birth
Place of birth
Lurking around online, a malicious person could start piecing together more information in attempt to complete the identity. The end goal is to have your child’s social security number (SSN). With an SSN, a person can use it to create a new identity, apply for loans, and open up bank/credit card accounts, to name a few things.
What are somethings you can do regarding these online quizzes:
If you are absolutely compelled to share your answers, send it to people you know either by email, or Facebook’s chat, with the caveat that the Internet is forever and the person you share the quiz with could very well post it online somewhere.
Read through the questions and ask yourself “Does this look like a security/secret question?” or “How can this information be used to steal my/my child’s identity?”
In the broader scheme of things, when creating answers to your security questions, if you don’t get to create the question itself, lie. Make the answer memorable, but hard to guess. Treat it like a second password. Or use a password management application and generate a random password to use as the answer. Save the answer in the password manager.
If you suspect, or want to be proactive, the FTC has some helpful information which you can find here.