We’ve all seen them — the light-hearted quizzes on Facebook and other social platforms asking “What was your first car?”, “What’s your mother’s maiden name?”, or “Which street did you grow up on?”. They seem harmless enough, a bit of nostalgic fun, and a way to connect with friends.
But from a cybersecurity standpoint, these questions are anything but innocent.
Many of the questions posed in these so-called “fun quizzes” mirror the very security questions used by banks, email providers, and online accounts to verify your identity. Sharing these details online, even in a casual setting, could give cybercriminals exactly the information they need to access your accounts.
It doesn’t take much for a fraudster to build a profile of you. A date of birth mentioned in a birthday post, a pet’s name dropped in a comment, and a quiz revealing your first car or primary school can all be pieced together to bypass security checks.
In the UK, the scale of cybercrime is growing. According to the National Fraud Intelligence Bureau, millions of pounds are lost each year to online scams, with criminals often relying on information that victims themselves have posted on social media. The Information Commissioner’s Office (ICO) has also warned that oversharing personal details can put individuals at greater risk of identity theft.
Facebook quizzes, in particular, have been highlighted by UK police forces and Action Fraud as a common method cybercriminals exploit to harvest data. What feels like a bit of light entertainment is, in reality, a data-mining exercise.
It’s not only individuals who are vulnerable. Employees who share too much online can inadvertently put their organisations at risk. Hackers can use personal details to craft convincing phishing emails or even attempt to reset corporate account passwords. For businesses — especially SMEs without large IT security teams — this can lead to costly breaches.
Think before you click: Avoid participating in social media quizzes or “getting to know you” threads.
Limit what you share: Review your privacy settings and be selective about what personal details you post publicly.
Use strong, unique passwords: Don’t rely on security questions alone; enable two-factor authentication wherever possible.
Stay informed: Follow guidance from trusted sources like the National Cyber Security Centre (NCSC) for best practices.
Social media should be a place for connection, not exploitation. The next time you’re tempted to take a quiz about your “dream holiday destination” or “which classic car you are,” remember — the true prize might not be your result, but the personal information you’re giving away.