What do the model of your first car, your favorite hobby, and the high school you attended have in common? If you said they’re questions commonly used for online account security and online quizzes, you’re correct! Before you take a quiz to find out which Marvel character you are, ask yourself: Do I know who’s gathering this information about me — or what they plan to do with it?
Personality tests, quick surveys, and other types of online quizzes ask seemingly harmless questions, but the more information you share, the more you risk it being misused. Scammers could do a lot of damage with just a few answers that give away your personal information. We’ve heard about scammers phishing for answers to security question data through quizzes. They use your quiz answers to try and reset your accounts, letting them steal your bank and other account information. Some scammers hack social media accounts and send malware links to friends of the hacked account holder under the guise of sharing a quiz.
One major way to protect your personal information — in addition to maintaining strong passwords and using multi-factor authentication — is to steer clear of online quizzes…or just don’t answer them truthfully. As for accounts that require actual security questions, treat them like additional passwords and use random answers, preferably long ones, for those too. Asked to enter your mother’s maiden name? Say it’s something else: Parmesan or another word you’ll remember. Or use a password manager to store a unique answer. This way, scammers won’t be able to use information they find to steal your identity.
If you suspect that an online quiz is a phishing scam, tell a friend. Then, report it to the FTC at ReportFraud.ftc.gov.
The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.
We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.
What about surveys from Organizations that you belong to? and come from Survey Monkey? Are these safe?
In reply to What about surveys from… by Ann Joseph
I've been dealing with one particular survey that seems to have infiltrated Branded Surveys. Any time you open a survey - company identified providing survey - DKR1 Surveys hijacks the site. I have reported this to Branded Surveys with screenshots and copies of the URL. I have yet to hear anything back and DKR1 is still hijacking every single survey on the site.
You provide good and solid information that can be used by your readers. I tried to also do your survey, but it goes into details I couldn't possibly provide.
Why aren’t these platforms being charged for aiding criminals and scammers. They know what they are doing and have been charged with corruption for censorship with the fake president and his administration
I am victim Phishing scams identity theft online security and privacy fraud exploitation racism discrimination by media social media crown corporation CIA FBI FCC IRS DND DHS DOS SUPREME COURT FEDERAL COURT GENERAL POLICE POLICE CONGRESS
We keep getting several telephone surveys every month asking for information also! We tell them that we DO NOT give surveys over the phone, and then we just hang up on them!
thanks for the information, what should I do if I have already done this quiz issue?
In reply to thanks for the information,… by Melvin BB Grant, AIA
The Social Security Administration uses these trite questions in its log-in requirements. So does each of the Big 4 Credit companies like Equifax. Why doesn't the Administration get them to change those uses and requirements? The password manager company LastPass gave away its entire vault backup of customer data to hackers because it did not keep that data encrypted. Which federal agencies, like the FTC and CFPC regulate that category of business, if any? If new legislation is required to give those agencies jurisdiction and enforcement power, ask Sen. Elizabeth Warren and Sen. Ron Widen to write it.
GOOD INFO WILL HEEED!!!
Haven't there been reports of password managers being hacked?
Who'd have know something that seems innocent can be something that could be so dangerous!
The F.T.C. needs to investigate Facebook which is my primary source of attempts to scam me. Imposters hack accounts and ask to accept them as friends (often imposing as friends I am already on my friend list). The most recent attempt was hacking an elderly lady and replacing her profile photo(s) with a young HOT woman showing a lot of skin. Not long after one accepts one of these requests you get a message from them "Hello! How are you doing? Have you heard the good news?" The good news is typically about some government grant, etc. GO AFTER THESE CROOKS MOSTLY BASED OUT OF NIGERIA!!!!!!!!
In reply to The F.T.C. needs to… by Howard Pritchartt
If you suspect a phishing scam, tell a friend. Then, report it to the FTC at www.ReportFraud.ftc.gov.
In reply to The F.T.C. needs to… by Howard Pritchartt
This is great useful information above but you also are so completely right. Someone was actually able to get into my Experian account due to all automated systems to answer questions. Most answers could have come off my Facebook profile and anyone could answer. I still have not gotten through to Experian to this day!
Thank you for opening my eyes! I had no clue scammers could do this with seemingly innocent quizzes! Good to know!
Thanks the warning.
I noticed that on my phone I message that says citi bank alert. I am afraid everything talikg about bank.
I don't do online banking.. I am afraid of security breach... thanks this educational warning . I will read it again.
TIK TOK, a social media app owned by China was asking me my full birth date before I could use it. It stated that they would not publish it publicly. I decided I do not need to use that app, I was only curious so immediately deleted it from my iPad. Do not use your real birthdate in any app. It is just one more step to get closer to your financial information.
I did send to many complaints about compans fraud and i didn't received any answer only the case number when a i tried to check nothing appear... last complain was if they know about identity theft happened me in a clinic a received al information to how request the refund it was programmed to january but dont see any refund . i call to the and they say the case was stopped dont tellme why
i did sent to the ftc request if they know about and way this case is stoped.. and i still waiting for the answer
Ok, but… how do I know which PASSWORD MANAGER TO TRUST?! In these screwed up times, it seems like not only do we have to worry about “hackers” or malware or phishing scams and everything ELSE we ALREADY have to worry about.. but now it seems like just about every other site or app we use, sometimes multiple times a day.. is collecting OUR information and selling it to make a profit off of OUR information… and doing so very well, at rates that exceed whatever MEAGER AT BEST accommodation their website offers or provides to us. It’s not just PREVALENT in the commercial universe, IT’S RAMPANT. Even worse, these companies have provided so little in return for the information they “collect and use for business purposes at their sole discretion” (yeah, I’ve read the standardized EULA from beginning to end.)
Which, to ME… doesn’t include “making money by selling off YOUR PRIVATE, INTIMATE INFORMATION to YOUR ‘business partners’, while continuing to ‘provide’ a ‘service’ which I may only use once and decide I hate it -too bad for me, GREAT for YOU- or once in a blue moon, or once a DAY.”
To be honest, when I first signed up for my very first Gmail account, I ready the EULA… just to see what it said.. and yeah, there are some laypersons mental acrobatics to perform in understanding the general thing, but nevertheless, I understood it well enough, I thought.
So, I wasn’ SHOCKED or SURPRISED or even dismayed really when Google’s Gmail took its place on the media hot seat because enough people, enough consumers had raised complaints or concerns when they began receiving unsolicited emails sent to them from random sources they didn’t previously have ANY IDEA even existed… because their email address and non-identifying information had been collected, aggregated, compiled into a demographic-specific list (or a collection of demographically specific lists, for all I know) which was then sold to the highest bidder. Back then, then- 20 years ago- they maybe didn’t collect AS MUCH information… CONSTANTLY, but at that point, I don’t think ANYbody, me particularly, would ever have imagined that it wasn’t a “one & done”, single-use, limited authorization… that we were agreeing to ONGOING STALKING BEHAVIOR… in exchange for the use of the product. Nobody was used to any sort of subscription beyond magazines, newspapers and jam of the month… nobody ever enjoyed paying monthly for those things even when they were $2 a MONTH, and now EVERYTHING iIs by subscription. How is this good? How is this beneficial to the MAJORITY? We can’t even buy food that’s healthy for us to eat anymore thanks to big Ag, but we can pay monthly, weekly, and daily for everything we DON’T need..and these app developers are the WORST.. and they don’t do anything at all that’s ACTUALLY GOOD or VISIBLY BENEFICIAL to or for ANYONE BUT themselves. I can’t stand the thought of Socialism or Communism, but Capitalism is JUST AS BAD!
To the ftc.gov admin, Your posts are always well presented.
Hi ftc.gov administrator, Your posts are always well-received and appreciated.