What do your childhood street, the name of your first pet, and the city where you were born have in common? If you guessed “common fodder for both security questions and Facebook quizzes,” you’re on the right track.
Online quizzes, personality tests, and fill-in-the-blank surveys may feel like harmless fun, but each answer you share is a piece of your personal puzzle. Scammers can take just a few of these details to guess passwords, answer security questions, or even reset your accounts, which puts your identity and your money at risk. Some bad actors even hijack accounts to spread malware links disguised as quizzes to your friends, thus creating a ripple effect of potential damage. In the world of Facebook, Instagram, and other social sites, even small overshares or simple clicks can put you at risk. So, here’s what to watch out for—and what to avoid.
1. Watch Out for Data Mining Memes
Want to know your “pirate name”? All you have to do is share your first pet’s name and your mother’s maiden name. Your “spy name”? Your middle name plus your birthplace make you Marie Corvallis. Cute, harmless fun, right? Unfortunately, these kinds of memes are a goldmine for scammers because they ask for answers that are often used as security or password-recovery questions. So, posting them publicly is like giving scammers a head start on identity theft.
What to Do Instead: Skip the memes and treat your personal data like you would passwords. If you encounter a site where security questions are required to confirm your identity, pick questions that only you can answer. Avoid questions with answers that someone could easily find online and those with a limited number of potential answers—like the color of your first car. Even better, use fake answers. Instead of responding to security questions with the truth, use a false answer that others can’t verify or guess (ideally with a random string of characters). Just be sure it’s something that you will remember.
2. Skip Those Cut-and-Paste or Fill-in-the-Blank Surveys
Those “fill in the blank” posts might look like fun ways to share your favorite things—like “My favorite movie is ___” or “The last concert I went to was ___”—but they can be more dangerous than they seem. Each answer reveals personal details about you, your habits, or your social circle that scammers can piece together. And, by sharing them, you’re doing much of a hacker’s work for them.
Every answer is basically a data point: combine enough of them and over time, those seemingly innocent bits of information can be used to access accounts or craft convincing phishing messages.
What to Do Instead: Avoid filling out these surveys, even on trusted sites or when shared by trusted friends. If you really want to play along, make up answers that aren’t true.
3. Be cautious with friend requests and direct messages
Scammers often create fake accounts pretending to be someone you know—or someone you’d like to know—to gain trust. Once connected, they send links, ask for money, or try to gather personal information. So, be suspicious of requests from people you don’t know and be especially careful of profiles that are new or have few personal details.
If you receive a friend request from someone you are already friends with, it could be a sign of a fake account. Check the URL of the profile to confirm it’s different from your real friend’s, or—even better—check with your friend directly. If the request came from a fake profile, report it immediately.
What to Do Instead: Only accept friend requests from people you actually know. If a message seems off, verify it through another channel before clicking links or sharing anything.
4. Think before you post about routines or travel
Sure, it’s fun to share the details of your exciting trip to Japan or the photos from your family vacation to Disney World. However, posting that you’re on vacation or breaking from your daily routine can also tip off criminals that your home is empty.
What to Do Instead: Wait until you’re back to share vacation photos, and avoid sharing specifics about your location or plans in real time. To that end, it’s also wise to avoid sharing too many details about your daily routine online, even seemingly harmless posts about errands, workouts, or commuting habits, which could help a scammer or burglar predict your schedule.
5. Protect your account with strong passwords and two-factor authentication
Weak or reused passwords are one of the easiest ways for scammers to break into your accounts. Once they have one password, they can try it on your email, social media, or even banking accounts, putting multiple aspects of your life at risk.
What to Do Instead: Use long, unique passwords for every account—ideally a mix of letters, numbers, and symbols—and consider using a reputable password manager to keep track of them safely. Also, enable two-factor authentication (2FA) wherever possible. This adds a second layer of security (usually a code sent to your phone or generated by an app) so even if someone steals your password, they still can’t access your account. Then, regularly update your passwords. The more proactive you are, the harder it is for fraudsters to get in.
6. Don’t click on suspicious links or attachments
Scammers often disguise malware or phishing attempts in links or files sent via social media, email, or messaging apps. Some links could lead to phishing sites that look legitimate, tricking you into entering passwords or personal information. Other links or downloadable attachments from untrusted sources could infect your device, help scammers steal your login credentials, or even give them control of your accounts.
What to Do Instead: Always hover over links to see where they lead before clicking. Only download attachments from people or organizations you trust—and even if you think you do, verify. If a message seems unusual—even if it comes from a friend—don’t click. Taking a moment to double-check can prevent a lot of headaches later.
7. Be careful with location sharing
Sharing your location on social media might seem harmless, but it can create serious risks. Real-time check-ins, geotagged photos, or posts about where you are can signal to criminals that your home is empty or reveal patterns in your daily routine. Even indirect clues, like recognizable landmarks in a photo, can be enough for someone to figure out your whereabouts.
What to Do Instead: Turn off location services for social media apps whenever possible, and avoid posting your location in real time. Be mindful of what your posts reveal about your habits, commute, or favorite spots—sometimes the smallest details can add up. Also, regularly review your privacy settings and limit who can see your posts. Consider restricting your location data from being attached to photos and videos. Keeping control over your digital footprint is one of the simplest ways to protect your identity and personal safety.
Scammers’ favorite tools are those that exploit human nature: curiosity, trust, and convenience. So, as you scroll, stay aware. Think before you click or post and limit the personal data you share online. A little caution can go a long way toward protecting your identity and your money. And, as always, remember the number one rule of internet safety: if something seems too good to be true—or too strange to be real—don’t engage.
Want more security tips?
- Take our “How Safe Are You Online?” quiz.
- Find out how to secure your smart speaker.
- Learn how to protect your finances through mindfulness practices.