Cyber Security Month Blog 1: Social Quizzes

Online social quizzes

We all like a quiz, well maybe some people more than others? I mean, I do love a pub quiz and I can’t help but join in, but it doesn’t mean I’m any good! Pub quizzes throw in the music round and you listen to the song, you sing along with it, as you know the words to the chorus, but can you come up with the artist who sang it, let alone the song title…. no! The point is quizzes are fun and we like to test our knowledge, it’s a social thing.

So how about quizzes online, you know the ones all your friends play along with on Facebook to test your personality or reveal personal meanings? “What’s your favourite film of all time?”, “Who was your favourite band in the 60’s, 70’s, 80’s, 90’s etc.”, “What’s the name of the street you grew up on?”, “What’s the name of your first pet”…. do you join in?

Maybe you or your friends have joined in with quizzes like “Which Harry Potter character are you?”

Whether you join in these quizzes or not, if your friends do, then there is a chance that they have shared their friends list (which includes you) with the entity who commissioned the quiz.

You see, every time you or your friends join in with a social online quiz, your personal information (your birthday, age, friends, photos, location, gender, sexual orientation, religion etc.) is potentially being given freely to a 3rd party.

This behaviour is great from a hacker’s perspective. This type of hacking technique is known as social engineering and is commonly used to support an attack, as information is being given away freely to an unknown party, which can then be sold on or used with other information, such as your email address, to attempt access to online accounts.

Websites often ask security questions whose answers match the ones you gave in the quiz, so your quiz answers provide potential responses to secret password reset questions. A script could then be run by a malicious person, which automatically tries all the combinations of responses you provided as answers in the quiz or as part of your social profile in the hope of obtaining access to one of your online accounts, hopefully not your email account. Free shopping vouchers?? That’s also likely to be a scam to gather your information, so remove them from your social feed.

So, what can you do to keep information safe?

  • Don’t join in these quizzes and encourage your friends and family not to do them either
  • Use different types of information to support the online environment. For example, a response to a question would be different for a bank and/or work system compared to a personal use system.
  • Use a technique to add additional characters to make passwords more complex, called ‘salting’. For example:
    • For personal use – !7!-password-!7!
    • Work Use – www-password-www
    • Banking use – *£*password*£*
  • Use strong passwords and never the same password on more than one site. Use a password manager like LastPass, Dashlane, RoboForm etc. to record the different passwords. Don’t use Excel or the back of a diary to make notes.
  • Amend your Facebook privacy settings
  • Set up additional protection on sites like Facebook, Google etc. by adding two-factor authentication, so if a malicious person tries to access your account, there is an additional step to go through and you will be notified.
  • Install anti-malware software (also known as anti-virus software) on your home computers, including mobile phones and tablets. If you need software, you could check AV-TEST, who provide a website[1] with the results of independently tested anti-malware software.
  • Blacklist or block any quizzes or free shopping voucher scams; they will soon disappear from your timeline feed.

Read more: articles related to social quizzes

Facebook ‘Most Used Words’ game accused of stealing and selling user data



