Young couple looking at mobile phone, sitting on the ground at home.
News
20 September 2021

Don't answer viral Facebook questions with personal information

Why you shouldn’t answer viral Facebook questions with personal information.

You know the kind of post – a light-hearted question about a nostalgic topic like your first car, or a whimsical way to generate a ridiculous, personalised result.

However, this kind of viral content is prime material for online criminals. These “social engineers” harvest your personal information to trick you into handing over money or to hack you directly.

Image of Stars Wars Facebook post that asks for personal information.

Take the Star Wars prompt above. Seems innocuous, right? Consider this: your mother’s maiden name and the town you were born in are two of the most common questions used in account recovery.

If you forget the password to your Microsoft account, Gmail address, or even your online banking, those are the questions you answer to prove you’re you. If a stranger on the internet can take a good guess at those things, they’re most of the way to hacking into your account.

If your Star Wars surname is Pawel, it wouldn’t take too many guesses to figure out “Patel” and “Wellington” as your recovery answers.

Also keep in mind that, unless you lock down your profile, scammers can fill in the gaps by clicking through and seeing the posts you’ve made and who your friends are.

Image of Facebook post asking for personal information.

You might see this post and think it’s too funny not to respond with “Big Mac No Pickles”. Then you get an email from your bank, saying you’re having issues and it needs to log into your account. To prove it’s “genuine”, the bank will tell you your most recent transaction was at the local McDonald’s. Only the email won’t have come from your bank, but a scammer using information gleaned from Facebook.

You’d probably suspect something fishy, but anything that makes you second-guess is potentially dangerous.

We’ve noticed more of these posts since lockdown, and we get it – we all need some social interaction and a bit of a laugh. But to help ensure your safety (and that of your friends and family), don’t respond to these posts on public pages, and preferably not at all.

Even better, you can help to stop the spread – if a friend or family member unwittingly shares something that could be used for social engineering, let them know the risks. They might not repeat the mistake next time.

Have you, or someone you know, been a victim of an online scam? Contact us at nick@consumer.org.nz so we can share your story and help protect other New Zealanders.

Member comments

Get access to comment

James C.
27 Sep 2021
Close the account and get on with life

Close your Facebook account. It is such a distraction. Life becomes clearer without it. If users knew the underhanded and very deliberate tactics used by social media companies to capture your attention to the point it becomes an addiction they would be pretty disgusted i would imagine.

Adrian
27 Sep 2021
Very good and timely warning for me

This is a really good and timely warning for me. I have answered quite a few of these Facebook etc. 'who are you?' type questions. After having read this email, I will stop.

Joyce & John
25 Sep 2021
innocuous but not necessarily innocent

Very timely - these simple questions can make simpletons of us - I'm surprised they are permitted but then I've responded to a few myself like 'how old were when first you learned to drive.'