If you’re anything like 2.89 billion people in the world, you probably use Facebook. There is certainly no problem with that. In case you wanted to join, we even have our own Facebook group where caregivers can ask for advice or simply vent about their day to like-minded allies.
In not-so-breaking news, the largest online community on the planet has wound up being so much more than just a social media network. We’ll leave the politics and misinformation hot takes for another day, but there are some important items for you to understand when it comes to sharing on their platform.
In recent years, brands and individuals have populated the platform with fun prompts. You’ve probably seen them. Think graphics with status updates that read, “Your superhero name is your mother’s maiden name and the name of the street you grew up on” or “Your leprechaun name is your kindergarten teacher’s last name and first pet’s name.”
They’re interesting, quirky, funny, and bring on a healthy dose of nostalgia.
We’re sorry to say, but the answers to these questions are also being used for sinister reasons. These seemingly benign prompts that give you a giggle because your answer is something like “Fido Main Street” can play a part in Facebook phishing scams.
Here’s why you should avoid posting answers publicly.
Why These Posts Put You At Risk for Getting Scammed
The Sutton Police Department in Massachusetts sounded the alarm on these posts a few years ago.
“Please be aware of some of the posts you comment on,” the department warned. “The posts that ask what was your favorite teacher’s name, who was your first-grade teacher… etc… Those are the same questions asked when setting up accounts as security questions.”
And what do those security questions do? They allow you to change or retrieve your password on websites, including your bank, credit card, and the medical portal for your doctor’s office. Giving up these answers gives hackers a chance to access accounts containing not only personal information like your Social Security number but also money.
Perhaps you keep your Facebook friends list small — only people you know and trust in real life. That’s certainly a best practice. But often, these posts are on brand-owned pages you may follow. Anyone can see your answers when you comment on them — including people not on Facebook. Non-Facebook users can still view a brand’s page from their browser without logging into the platform.
In other words, when you answer these questions — and they truly are fun to answer — you are inadvertently sharing the answers to your password security questions with the world.
How These Answers Lead to Theft
Hackers collect this information on you and develop a profile of potential security question answers. They use it to log into accounts. From there, they can transfer money from your savings to theirs, open a line of credit, steal your identity, or try to fool you or your friends into clicking on links that lead to malware.
Even the quiz itself could be a trap. Though these questions are often posted by well-meaning brands and friends just looking to have some fun, they’re sometimes posted by bad actors who direct you to a link to see the quiz. In reality, the link leads to a malware site that can send a virus to your computer.
How to Protect Yourself from Facebook Phishing Scams
Despite the warnings, these posts seem to be more prevalent than ever. Still, all of this information likely sounds rather scary, particularly if you’ve been spending time scrolling through Facebook and playfully answering these questions.
The good news is that you can take steps to reverse any potential damage and avoid it in the future.
See Something, Don’t Write Something
If you see one of these posts, refrain from commenting with your answer. Though it’s fun to participate in the public water-cooler that is Facebook, particularly if you’re feeling isolated, it’s not worth the potential fallout if a hacker gains access to your bank account password. Instead, think it in your head, smile, and move on. You can also share it in a private text message or conversation with a spouse or sibling who knows exactly where you grew up and your mother’s maiden name.
Practice Good Password Hygiene
Whether you’ve answered one or one hundred of these questions or none at all, it’s always a good idea to take precautions to protect your passwords.
- Change them regularly. Experts recommend changing passwords at least once every three months. Consider changing the questions, too.
- Set up two-step authentication. Though it’s convenient to log into a bank account automatically, two-step authentication puts a barrier between your money and a bad actor. For example, have the bank text or email you a code before it allows you to log in. This extra step ensures that your password alone isn’t enough to get someone into an account.
- Choose strong passwords. Your pet’s name or password123 isn’t going to cut it. Choose a mix of capital and lowercase letters, numbers, and symbols. Many sites will recommend a strong password.
- Store passwords safely. Emailing passwords to yourself is a surefire way to up your odds of getting hacked. If someone gains access to your email, they also gain access to this valuable information. Instead, consider a password manager or — get this — paper and pencil. Simply jot down your passwords and put them in an unmarked folder where no one can see them.
View Social Media With a Critical Eye
Though you may go on social media to pass the time and disconnect from the craziness of the world, you do still need to have your guard up. Be sure to:
- Be careful of quizzes or prompts that require you to enter your email address to get an answer
- Avoid posting personal information online, particularly if it’s a giveaway to a password or password security question
- Refrain from clicking on links from a source you don’t know. And even if your friend posts a link, be wary if it directs you to a site or platform you’ve never heard of.
Flagging issues quickly can help you recover any lost assets and may even prevent the bad actor from getting their hands on them at all. Keep an eye on bank accounts for suspicious activity. If you receive an email asking for authentication to a website or platform when you haven’t attempted to sign in, follow the prompts to report the issue.
Your local authorities or the Federal Trade Commission can help you figure out the next steps if you believe an account has been hacked and your identity or finances have been stolen.