Skip to main content
Image
Phishing online quiz

What do the model of your first car, your favorite hobby, and the high school you attended have in common? If you said they’re questions commonly used for online account security and online quizzes, you’re correct! Before you take a quiz to find out which Marvel character you are, ask yourself: Do I know who’s gathering this information about me — or what they plan to do with it?

Personality tests, quick surveys, and other types of online quizzes ask seemingly harmless questions, but the more information you share, the more you risk it being misused. Scammers could do a lot of damage with just a few answers that give away your personal information. We’ve heard about scammers phishing for answers to security question data through quizzes. They use your quiz answers to try and reset your accounts, letting them steal your bank and other account information. Some scammers hack social media accounts and send malware links to friends of the hacked account holder under the guise of sharing a quiz.

One major way to protect your personal information — in addition to maintaining strong passwords and using multi-factor authentication — is to steer clear of online quizzes…or just don’t answer them truthfully. As for accounts that require actual security questions, treat them like additional passwords and use random answers, preferably long ones, for those too. Asked to enter your mother’s maiden name? Say it’s something else: Parmesan or another word you’ll remember. Or use a password manager to store a unique answer. This way, scammers won’t be able to use information they find to steal your identity.

If you suspect that an online quiz is a phishing scam, tell a friend. Then, report it to the FTC at ReportFraud.ftc.gov.

Search Terms

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

  • We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
  • We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
  • We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
  • We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to ReportFraud.ftc.gov.

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.

Ann Joseph
January 11, 2023

What about surveys from Organizations that you belong to? and come from Survey Monkey? Are these safe?

Melissa Cook
March 06, 2023

In reply to by Ann Joseph

I've been dealing with one particular survey that seems to have infiltrated Branded Surveys. Any time you open a survey - company identified providing survey - DKR1 Surveys hijacks the site. I have reported this to Branded Surveys with screenshots and copies of the URL. I have yet to hear anything back and DKR1 is still hijacking every single survey on the site.

Guenther Woehlert
February 01, 2023

You provide good and solid information that can be used by your readers. I tried to also do your survey, but it goes into details I couldn't possibly provide.

Ginger Pugni
February 01, 2023

Why aren’t these platforms being charged for aiding criminals and scammers. They know what they are doing and have been charged with corruption for censorship with the fake president and his administration

Christopher Je…
January 11, 2023

I am victim Phishing scams identity theft online security and privacy fraud exploitation racism discrimination by media social media crown corporation CIA FBI FCC IRS DND DHS DOS SUPREME COURT FEDERAL COURT GENERAL POLICE POLICE CONGRESS

gary wilkinson
January 11, 2023

We keep getting several telephone surveys every month asking for information also! We tell them that we DO NOT give surveys over the phone, and then we just hang up on them!

Melvin BB Grant, AIA
January 11, 2023

thanks for the information, what should I do if I have already done this quiz issue?

Lea Renee
April 28, 2023

In reply to by Melvin BB Grant, AIA

Not much you can do about what’s already done, however, by your wording, it sounds to me like this has only happened a time or two in your case, so, to that end, you may be able to contact the company who took the survey, get their address, and write them a letter stating you don’t want your information sold or provided to anyone outside of the company who took the survey for any reason except for in response to a lawful subpoena by the courts, in which case it can’t be helped. - I’d consult a data privacy attorney for the finer details, just to be certain. Going forward, you can simply abstain from responding to quizzes or surveys unless they are provided by a trusted and well known source that’s transparent about how they use your information , and make sure you read through the terms and conditions AND the privacy policy for and website, app, or online subscription you’re considering signing up for, downloading, or when you first (or very next) visit or open it… and if you can’t be 100% ok with the terms as contracted in the EULA, tge terms and conditions,AND/OR the privacy policy, don’t download it, don’t visit the site, don’t use the app, don’t sign up for the subscription. Usually the ones you have to pay for monthly are less heavy on what the collect or what permissions they require access to because they’re NOT making money from selling your info, but with subscription fees… nowadays, if an app is free… they’re pretty much selling your data. It’s sad and dispicable.

Jay Beckerman
January 11, 2023

The Social Security Administration uses these trite questions in its log-in requirements. So does each of the Big 4 Credit companies like Equifax. Why doesn't the Administration get them to change those uses and requirements? The password manager company LastPass gave away its entire vault backup of customer data to hackers because it did not keep that data encrypted. Which federal agencies, like the FTC and CFPC regulate that category of business, if any? If new legislation is required to give those agencies jurisdiction and enforcement power, ask Sen. Elizabeth Warren and Sen. Ron Widen to write it.

Richard Gropper
January 11, 2023

GOOD INFO WILL HEEED!!!

Cappy
January 11, 2023

Haven't there been reports of password managers being hacked?

Joe Riley
January 12, 2023

Who'd have know something that seems innocent can be something that could be so dangerous!

Howard Pritchartt
January 13, 2023

The F.T.C. needs to investigate Facebook which is my primary source of attempts to scam me. Imposters hack accounts and ask to accept them as friends (often imposing as friends I am already on my friend list). The most recent attempt was hacking an elderly lady and replacing her profile photo(s) with a young HOT woman showing a lot of skin. Not long after one accepts one of these requests you get a message from them "Hello! How are you doing? Have you heard the good news?" The good news is typically about some government grant, etc. GO AFTER THESE CROOKS MOSTLY BASED OUT OF NIGERIA!!!!!!!!

Kimberley S Ro…
March 16, 2023

In reply to by Howard Pritchartt

This is great useful information above but you also are so completely right. Someone was actually able to get into my Experian account due to all automated systems to answer questions. Most answers could have come off my Facebook profile and anyone could answer. I still have not gotten through to Experian to this day!

Jacq
January 18, 2023

Thank you

Kiki Dawson
January 17, 2023

Thank you for opening my eyes! I had no clue scammers could do this with seemingly innocent quizzes! Good to know!

Editha
January 18, 2023

Thanks the warning.
I noticed that on my phone I message that says citi bank alert. I am afraid everything talikg about bank.
I don't do online banking.. I am afraid of security breach... thanks this educational warning . I will read it again.

Mary
January 31, 2023

TIK TOK, a social media app owned by China was asking me my full birth date before I could use it. It stated that they would not publish it publicly. I decided I do not need to use that app, I was only curious so immediately deleted it from my iPad. Do not use your real birthdate in any app. It is just one more step to get closer to your financial information.

Rafael Navarro
February 07, 2023

I did send to many complaints about compans fraud and i didn't received any answer only the case number when a i tried to check nothing appear... last complain was if they know about identity theft happened me in a clinic a received al information to how request the refund it was programmed to january but dont see any refund . i call to the and they say the case was stopped dont tellme why

i did sent to the ftc request if they know about and way this case is stoped.. and i still waiting for the answer

Lea Renee
April 12, 2023

Ok, but… how do I know which PASSWORD MANAGER TO TRUST?! In these screwed up times, it seems like not only do we have to worry about “hackers” or malware or phishing scams and everything ELSE we ALREADY have to worry about.. but now it seems like just about every other site or app we use, sometimes multiple times a day.. is collecting OUR information and selling it to make a profit off of OUR information… and doing so very well, at rates that exceed whatever MEAGER AT BEST accommodation their website offers or provides to us. It’s not just PREVALENT in the commercial universe, IT’S RAMPANT. Even worse, these companies have provided so little in return for the information they “collect and use for business purposes at their sole discretion” (yeah, I’ve read the standardized EULA from beginning to end.)
Which, to ME… doesn’t include “making money by selling off YOUR PRIVATE, INTIMATE INFORMATION to YOUR ‘business partners’, while continuing to ‘provide’ a ‘service’ which I may only use once and decide I hate it -too bad for me, GREAT for YOU- or once in a blue moon, or once a DAY.”
To be honest, when I first signed up for my very first Gmail account, I ready the EULA… just to see what it said.. and yeah, there are some laypersons mental acrobatics to perform in understanding the general thing, but nevertheless, I understood it well enough, I thought.
So, I wasn’ SHOCKED or SURPRISED or even dismayed really when Google’s Gmail took its place on the media hot seat because enough people, enough consumers had raised complaints or concerns when they began receiving unsolicited emails sent to them from random sources they didn’t previously have ANY IDEA even existed… because their email address and non-identifying information had been collected, aggregated, compiled into a demographic-specific list (or a collection of demographically specific lists, for all I know) which was then sold to the highest bidder. Back then, then- 20 years ago- they maybe didn’t collect AS MUCH information… CONSTANTLY, but at that point, I don’t think ANYbody, me particularly, would ever have imagined that it wasn’t a “one & done”, single-use, limited authorization… that we were agreeing to ONGOING STALKING BEHAVIOR… in exchange for the use of the product. Nobody was used to any sort of subscription beyond magazines, newspapers and jam of the month… nobody ever enjoyed paying monthly for those things even when they were $2 a MONTH, and now EVERYTHING iIs by subscription. How is this good? How is this beneficial to the MAJORITY? We can’t even buy food that’s healthy for us to eat anymore thanks to big Ag, but we can pay monthly, weekly, and daily for everything we DON’T need..and these app developers are the WORST.. and they don’t do anything at all that’s ACTUALLY GOOD or VISIBLY BENEFICIAL to or for ANYONE BUT themselves. I can’t stand the thought of Socialism or Communism, but Capitalism is JUST AS BAD!

Kassandra Van Raalte
February 14, 2023

To the ftc.gov admin, Your posts are always well presented.

Catherine Han
February 24, 2023

Hi ftc.gov administrator, Your posts are always well-received and appreciated.