What do the model of your first car, your favorite hobby, and the high school you attended have in common? If you said they’re questions commonly used for online account security and online quizzes, you’re correct! Before you take a quiz to find out which Marvel character you are, ask yourself: Do I know who’s gathering this information about me — or what they plan to do with it?
Personality tests, quick surveys, and other types of online quizzes ask seemingly harmless questions, but the more information you share, the more you risk it being misused. Scammers could do a lot of damage with just a few answers that give away your personal information. We’ve heard about scammers phishing for answers to security question data through quizzes. They use your quiz answers to try and reset your accounts, letting them steal your bank and other account information. Some scammers hack social media accounts and send malware links to friends of the hacked account holder under the guise of sharing a quiz.
One major way to protect your personal information — in addition to maintaining strong passwords and using multi-factor authentication — is to steer clear of online quizzes…or just don’t answer them truthfully. As for accounts that require actual security questions, treat them like additional passwords and use random answers, preferably long ones, for those too. Asked to enter your mother’s maiden name? Say it’s something else: Parmesan or another word you’ll remember. Or use a password manager to store a unique answer. This way, scammers won’t be able to use information they find to steal your identity.
If you suspect that an online quiz is a phishing scam, tell a friend. Then, report it to the FTC at ReportFraud.ftc.gov.
The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.
- We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
- We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
- We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
- We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to ReportFraud.ftc.gov.
We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.
What about surveys from Organizations that you belong to? and come from Survey Monkey? Are these safe?
I am victim Phishing scams identity theft online security and privacy fraud exploitation racism discrimination by media social media crown corporation CIA FBI FCC IRS DND DHS DOS SUPREME COURT FEDERAL COURT GENERAL POLICE POLICE CONGRESS
We keep getting several telephone surveys every month asking for information also! We tell them that we DO NOT give surveys over the phone, and then we just hang up on them!
thanks for the information, what should I do if I have already done this quiz issue?
The Social Security Administration uses these trite questions in its log-in requirements. So does each of the Big 4 Credit companies like Equifax. Why doesn't the Administration get them to change those uses and requirements? The password manager company LastPass gave away its entire vault backup of customer data to hackers because it did not keep that data encrypted. Which federal agencies, like the FTC and CFPC regulate that category of business, if any? If new legislation is required to give those agencies jurisdiction and enforcement power, ask Sen. Elizabeth Warren and Sen. Ron Widen to write it.
GOOD INFO WILL HEEED!!!
Haven't there been reports of password managers being hacked?
Who'd have know something that seems innocent can be something that could be so dangerous!
The F.T.C. needs to investigate Facebook which is my primary source of attempts to scam me. Imposters hack accounts and ask to accept them as friends (often imposing as friends I am already on my friend list). The most recent attempt was hacking an elderly lady and replacing her profile photo(s) with a young HOT woman showing a lot of skin. Not long after one accepts one of these requests you get a message from them "Hello! How are you doing? Have you heard the good news?" The good news is typically about some government grant, etc. GO AFTER THESE CROOKS MOSTLY BASED OUT OF NIGERIA!!!!!!!!
In reply to The F.T.C. needs to… by Howard Pritchartt
Thank you for opening my eyes! I had no clue scammers could do this with seemingly innocent quizzes! Good to know!
Thanks the warning.
I noticed that on my phone I message that says citi bank alert. I am afraid everything talikg about bank.
I don't do online banking.. I am afraid of security breach... thanks this educational warning . I will read it again.