“Just for Fun” and “Getting to know you better” quizzes… People on Facebook have most certainly seen them pop up in their feed. These seemingly innocent games are fun ways to share trivia with friends and neighbors. However, don’t let fun get the better of you, the police warn. Scammers use these games as clever tricks to hack people’s accounts.
Circulating for Years
The Just for Fun Facebook scam has been circulating worldwide since at least 2013. Lately, the game has been popping up more and more frequently in people’s news feeds. That is reason enough for the New South Wales Police to alert residents and ask them to stop posting and reposting these fraudulent messages.
Just for Fun posts usually include questions like: “Where did you grow up, what’s your favorite color, your first pet’s name, your first car, etc.” Innocent enough questions, but, unfortunately, the only purpose these posts serve is for scammers to gather personal information.
In many cases, people’s responses are the answers to their security questions. In the not-so-distant past, people setting up an account were usually asked to provide a series of secret questions and answers. The answers could later be used to recover accounts in case users forgot their password or when they wanted to change private information or certain account settings.
Consequently, scammers can use the answers people willingly provide to hack into their accounts. From there, it’s easy to take over a person’s account. Not only can scammers then access private and potentially sensitive information, they can also use the account to contact the victim’s friends or colleagues and send them any message they like.
Further, the compromised account can also be used for more criminal activities: to spread malware, for example, or to attempt payment fraud or launch phishing campaigns. These campaigns can be very successful, as the recipient receives emails or messages from someone they know and trust.
Armed with people’s personal information, scammers can also socially engineer the messages they send the original victim, without necessarily taking over their account at first. Knowing what music the person likes or where they want to go on holiday, they could lure them to a phishing website, for example, and gather further information.
How to Stop
How to stop these scams from circulating? Simple: stop answering secret questions, stop reposting these posts and, more generally, stop oversharing information. Of course, not all social media quizzes are data collection scams. However, it’s better to be safe than sorry.
Further, two-factor authentication can help. Users can either link their account to their phone number or use an authenticator app to generate login codes when they try to log in to their account. These codes change every time, making it impossible for hackers to take over an account.