Don't answer viral Facebook questions with personal information

However, this kind of viral content is prime material for online criminals. These “social engineers” harvest your personal information to trick you into handing over money or to hack you directly.

Take the Star Wars prompt above. Seems innocuous, right? Consider this: your mother’s maiden name and the town you were born in are two of the most common questions used in account recovery.

If you forget the password to your Microsoft account, Gmail address, or even your online banking, those are the questions you answer to prove you’re you. If a stranger on the internet can take a good guess at those things, they’re most of the way to hacking into your account.

If your Star Wars surname is Pawel, it wouldn’t take too many guesses to figure out “Patel” and “Wellington” as your recovery answers.

Also keep in mind that, unless you lock down your profile, scammers can fill in the gaps by clicking through and seeing the posts you’ve made and who your friends are.

You might see this post and think it’s too funny not to respond with “Big Mac No Pickles”. Then you get an email from your bank, saying you’re having issues and it needs to log into your account. To prove it’s “genuine”, the bank will tell you your most recent transaction was at the local McDonald’s. Only the email won’t have come from your bank, but a scammer using information gleaned from Facebook.

You’d probably suspect something fishy, but anything that makes you second-guess is potentially dangerous.

We’ve noticed more of these posts since lockdown, and we get it – we all need some social interaction and a bit of a laugh. But to help ensure your safety (and that of your friends and family), don’t respond to these posts on public pages, and preferably not at all.

Even better, you can help to stop the spread – if a friend or family member unwittingly shares something that could be used for social engineering, let them know the risks. They might not repeat the mistake next time.

Have you, or someone you know, been a victim of an online scam? Contact us at [email protected] so we can share your story and help protect other New Zealanders.