In stressful times — and I think we all agree these qualify — Facebook can feel like a little bit of sanctuary.
Avoid the politics — and that person who insists on posting a picture of every restaurant meal he orders — and Facebook is where you get to see someone’s new puppy, vicariously enjoy their vacation or chime in on a happy birthday.
Then there’s quizzes that pop up, those mindless momentary diversions: What was your first dog’s name? Where’s your hometown? Or this one I saw recently: Transpose the numbers of your age to show your true level of maturity.
All in fun, right? Then came a dry response from a fellow Facebooker who essentially said: Why don’t I just give you my bank account number and password and save you some time?
Are these seemingly harmless quizzes — often posted or re-posted by well-meaning Facebook friends for fun — potential gold to identity thieves who mine social media like they’re working a metal detector on the beach?
In one popular quiz, you’re asked to combine your first pet’s name with your mother’s maiden name to come up with your stage name should you become an exotic dancer.
And both those subjects happen to be oft-used security questions for accessing your various accounts.
“Whenever you’re being asked to provide information that could easily be background security questions ... you’re potentially exposing yourself to malicious acts,” said Richard Lawson, a Tampa attorney and former director of the Consumer Protection Division of the Florida Attorney General’s Office.
Even age, gender and zip code can be building blocks for both legitimate marketers and someone looking for personal data to commit fraud.
“It is shocking how little information is needed in order for malicious actors to move on it,” he said. “That’s the thing most people don’t grasp — it’s far more than our bank account information.”
Cyber criminals are “very good at using human psychology to trigger people into giving away information without even thinking about it,” said Kate Whitaker, assistant director of communication and outreach for Cyber Florida: The Florida Center for Cybersecurity. And knowing we tend to re-use passwords, a bad actor will try it out on a variety of accounts, she said.
“Your pet’s name, your kid’s name, even your favorite movies or your favorite books — if you use those as password reminders or security questions, don’t put them on Facebook,” she said.
It probably doesn’t help that we’re predictable.
According to NortonLifeLock survey data, one in five of us have used our own name and/or birthday in a password. Nearly a third of us have used a pet’s name.
And we do like those quizzes: Nearly 40 percent of social media users surveyed had completed a quiz or played a game that appeared in their feed in an average week, according to a Cyber Florida report.
“You’d be surprised — there’s a lot of people out there fishing for information,” said Henry Bagdasarian, author of Identity Diet. “That’s their job. That’s what they do.”
A recent post on Facebook said to imagine that the last thing you ate would be your every meal for the rest of your life. What was it?
I thought long and hard about the cybercriminal potential before I posted what had to be the least-telling answer ever: Toast. (My exotic dancer name was way better.)