The online surveys, quizzes, questions, and other Facebook data-gathering scams just keep on coming. I have to hand it to the men and women who put these social engineering scams together. They are very clever about what they do and very creative in how they do it. New and intriguing ones come along all the time.
Ask These Questions
But that makes them even more dangerous. When you see one of surveys or quizzes and are tempted to answer, try asking yourself these questions:
- Who are you?
- Why do you want to know?
- Are you dangerous?
- Why should I tell you that?
- What are you going to do with the information?
- What’s in it for me?
Can’t Help Themselves
I have friends and relatives who know these are scams but keep right on answering. They are smart people, well-educated people, careful people, who just cannot internalize the fact that these Facebook quizzes are not innocent entertainment. Either that, or they just can’t stop themselves from answering.
I have warned them in blog posts, emails, and in person—to no avail. In her posts, “Data Breaches: No Longer If, But When” and “Beware of Sophisticated Phone and Internet Scams,” Susanne wrote eloquently about the dangers they present. And still, my friends answer.
The reason may be that they mentally connect a Facebook survey with the crossword, jumble, Sudoku, or other puzzle they see in a local publication. “Hey, that looks like fun,” they say. “And what could it hurt?”
For a print publication, the answer is: nothing. You fill it out and the paper or magazine stays in your house until you recycle it, shred it, or throw it away. No one else sees it. But the internet is a whole different story.
What Do the Scams Want?
Perhaps folks just can’t connect the information the scam is collecting with something dangerous. I get that. Some of the social engineering devices just don’t seem relevant to anything a scammer or data harvester would want. Be assured, however, that they do.
Your answer may provide them with information they will use to crack a password. Or it may indicate your preferences as a consumer—information they can sell on the market. Behind some of the quizzes I can see a desire to find out how risky, or risk-averse, you are. That information can send phishing scams your way.
Who’s Asking?
The other issue, of course, is the question I like to ask: Who wants to know?
A currently popular online scam presents the viewer with pictures of different foods, trips, or other consumable product and says, “One of these has to go.” You are supposed to pick the one you like least and provide that information in a comment.
Why? What’s the benefit for you? And, most importantly, who’s asking?
I have looked up some of the “posters” and found they appear to be normal and regular people. One explanation is that they are just the last person to answer the quiz, so his/her answer gets perpetuated to their FB contacts and so on and so on.
That’s how social engineering works. You see that it comes from someone you know and trust, which gives you permission to answer. But people behind the scenes are collecting all this data for their own purposes.
Or, they may be fake people with cleverly curated fake Facebook pages. And how would we know?
Prove Me Wrong
Another scam involves someone making a ridiculous statement followed by the comment, “Prove me wrong.” Example: “Name a fish without the letter A. I bet you can’t.” This one cracks me up. I live in the land of the cod. Also, bluefish, trout, swordfish, pickerel, and monkfish. I don’t answer. Why should I? But people do—all the time.
How about this one: “Age yourself by . . .” Naming the first concert I went to or some other way of determining the year I was born. Why on earth should I want to “age myself” to some stranger? If someone walked up to you on the street and asked you to age yourself, would you do it? Of course not.
Yet time after time, I see that my friends and relatives have done so without a second thought. Or a first one, as far as I can see.
Give Yourself a Point …
… for everything you did or ate or visited on a list—or didn’t do or eat or visited. I admit to counting up my points in my head, but I never put down an answer. You want to know how much of a risk taker I am? Well, who needs to know? And why should I tell you?
It’s nobody’s business but my own if I like olives, have eaten alligator, or ever skipped school. I don’t have to tell you how many cities, states, or countries I have been to. And I have no desire to tell a perfect stranger what I have done or not done in my life. Anyone asking for such information without a good reason has to have an ulterior motive.
Uncommon Common Sense
Use your common sense, people, please. No one puts these things up for the fun of it. Facebook scams are not like the news quizzes that Slate and the New York Times put up on their websites. There, you can test your knowledge of current events, get your score, see how it ranks against others and promote it if you wish.
With the scams, the personal information you voluntarily provide goes into a black hole. You never see it again, have no idea what the scammer is doing with it, and can’t tell when or whether it will come back to bite you. You are cooperating with hackers, scammers, bots and online evildoers who mean you no good.
We can’t stop the scams from coming or expect the social engineering to go away, but we can choose not to participate. Just stop. Please, stop!