Windscribe VPN CEO warns your favourite Facebook quizzes are actually stealing your bank details
- Windscribe CEO warns social media quizzes can harvest data to bypass knowledge-based authentication
- The ‘fun’ prompts often perfectly mirror bank security questions
- Experts advise users to treat them as a second password by lying
We’ve all seen them pop up on our feeds: “What’s your 90s sitcom character?” or “Discover your stripper name!” But while these social media quizzes might seem like a bit of harmless fun, they are actually acting as a massive phishing net.
That’s the warning from Yegor Sak, the founder of one of the best VPN providers, Windscribe. According to Sak, these viral personality tests are carefully crafted to harvest the exact answers that financial institutions use to verify your identity.
By wrapping standard bank security questions, like your mother’s maiden name, your first pet, or the street you grew up on, into a gamified social media post, attackers are tricking users into willingly handing over the keys to their accounts.
The dangers of Facebook quizzes
The success of these quizzes comes down to psychology rather than advanced hacking techniques. The questions are cleverly disguised to disarm your natural skepticism.
“If a stranger walked up to you on the street and asked for your mother’s maiden name, your first pet, and the street you grew up on, you’d walk away,” Sak explained. “Wrap those same questions inside a ‘Which 90s sitcom character are you?’ quiz, and people happily type the answers into a database owned by someone they’ll never meet.”
Sak describes every completed quiz as “a credential reset form for a stranger.”
Asking for a mother’s maiden name directly puts people on the defensive, but asking for a silly combination of a first pet and childhood street gets a laugh.
“Same data. One feels like an interrogation. The other feels like a game. That gap is the entire attack surface,” said Sak.
This isn’t just a theoretical threat. Back in 2020, a major investigation by the UK’s Information Commissioner’s Office (ICO) confirmed that personality-style apps on social platforms were harvesting data from tens of millions of users, many of whom had no idea their information was being collected.
“Most people have been quietly handing over the keys to their bank accounts for the better part of a decade,” Sak noted, “and they think they’re just having fun on Facebook.”
How to protect yourself (and why you should lie)
So, how do you spot a trap? Sak says the danger lies in the type of information requested.
“Any quiz asking for a name plus a memory is a red flag,” he warned. “First pet, first car, first school, the street you grew up on, mother’s maiden name, favourite teacher. If a quiz is collecting four or five of those in one round, it’s not a personality test. It’s a security questionnaire with stickers on it.”
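Sak's "four or five in one round" rule can be written as a simple check. This is an added example, not code from Windscribe or the article: the category names come from the quote above, while the regular expressions, the threshold of 4 and the sample quizzes are assumptions constructed for illustration.

```python
import re

# Categories are the ones listed in the quote; the patterns are assumptions
# made for this example, not a vetted ruleset.
KBA_PATTERNS = {
    "mother's maiden name": r"\bmaiden\s+name\b",
    "first pet": r"\b(first|childhood)\s+pet\b",
    "first car": r"\bfirst\s+car\b",
    "first school": r"\b(first|elementary|primary)\s+school\b",
    "childhood street": r"\bstreet\b.*\b(grew\s+up|lived)\b|\bchildhood\s+street\b",
    "favourite teacher": r"\bfavou?rite\s+teacher\b",
}
THRESHOLD = 4  # assumed from "four or five of those in one round"


def kba_categories(prompts):
    """Return the distinct security-question categories a quiz asks for."""
    found = set()
    for prompt in prompts:
        text = prompt.lower()
        for category, pattern in KBA_PATTERNS.items():
            if re.search(pattern, text):
                found.add(category)
    return found


def looks_like_security_questionnaire(prompts, threshold=THRESHOLD):
    """True when one quiz collects enough distinct categories to be a red flag."""
    return len(kba_categories(prompts)) >= threshold


# Constructed sample quizzes (not taken from any real post).
HARVESTING_QUIZ = [
    "Your sitcom name = your first pet + the street you grew up on!",
    "Bonus round: what was your first car?",
    "Which teacher shaped you? Name your favourite teacher.",
    "Your royal title is your mother's maiden name.",
]
HARMLESS_QUIZ = [
    "Pick a pizza topping.",
    "Which 90s theme song do you still know by heart?",
    "What was your first pet's favourite toy?",
]

if __name__ == "__main__":
    for name, quiz in [("harvesting", HARVESTING_QUIZ), ("harmless", HARMLESS_QUIZ)]:
        print(name, sorted(kba_categories(quiz)), looks_like_security_questionnaire(quiz))
```

Counting distinct categories rather than individual questions keeps a single mention of a pet from tripping the check, while a quiz that spreads five memory questions across its rounds is still flagged.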
Because a leaked password can be changed in seconds but the name of the street you grew up on cannot, Sak recommends a simple but drastic fix for knowledge-based authentication: lie.
If you’ve ever filled out one of these quizzes, you should immediately update the security questions on your bank, email, and brokerage accounts. Treat the answers like a secondary password by using random, fictional responses.
“The data is gone,” Sak concluded. “The only thing left to do is change your security answers everywhere, and stop using questions whose answers exist on the internet.”