Facebook Quizzes Play on Your Emotions to Harvest Your Personal Data

Which modern vampire are you? In which Hogwarts house do you belong? What Friends character do you most resemble? Ah, Facebook quizzes. They’re fun. They’re social. And, they expose you to malware, ransomware, and identity theft—sometimes by design.

Don’t believe me? Just ask the 63,000 users who were compromised via Facebook quizzes last year, according to a new lawsuit initiated by the social media giant.

So, while you might be dying to know if you have the smarts to pass The History Test Most of America Will Fail, for all that is good and holy, step away from the Facebook quiz. (Yeah, I’m talking to you, dad.)

Clickbait Facebook quizzes are the scourge of the Interwebs

You don’t have to be a social scientist to understand that Facebook quizzes aren’t truly revealing. Rather, they’re poorly designed clickbait created with two purposes in mind:

  • To nudge you into revealing your personal data
  • To manipulate you into sharing your quiz results so that your friends and family will, in turn, share their own data and quiz results

Think of Facebook quizzes as the STIs of the web. (It’s best to avoid contact.)

Here’s how these quizzes work

The quiz creative—the headline and image—are meant to play on your desire to feel included, connected, or exceptional in some way. They’re crafted with seductive language that suggests you’re special or that you’ll learn something that aligns you with a feeling, community, or character that’s desirable—and it’s all designed to generate the click.

When you fail to resist temptation, you’re prompted to log in using Facebook before being served the quiz. The moment you do, the quiz developer gains access to your public profile data, email address, friend list, and more. The quiz may then prompt you to share other personal data, like your birthday and phone number. Some even go so far as to bury prompts for crucial data as playful questions within the quiz itself.

When sharing your first pet’s name and your first street address to arrive at your stripper name, for example, you’re also sharing answers to common account security questions.

Now, Facebook quiz designers can put the data they’ve acquired to work. For starters, they can highly target their ad content. Don’t think that’s a big deal? Then please consider the alternative uses of your data. Quiz developers may:

  • Use your personality profile in ways you’re not comfortable with
  • Target you with ads that appear to be legitimate, but are vectors for ransomware or malware
  • Steal your identity and exploit it themselves or sell it on the Dark Web

Okay, the Facebook quiz designers now have your data. Next step: They need you to share your quiz results so that others in your friend list will also take the (click)bait.

This is why quizzes are startlingly easy to pass; it’s why they “reveal” something about your character that you find desirable or, at least, entertaining. Quiz designers know you won’t share a failing grade or something unsavory. They also know you crave the kind of social validation you’ll get when The Sorting Hat places you in Gryffindor, and your social network confirms you’re the most courageous person they know.

Don’t feel awful about it. We all want to feel special.

Facebook quiz designers play us.

There is no such thing as a safe Facebook quiz

In some cases, Facebook quiz designers may be well-intentioned—even highly reputable. Take the University of Cambridge, for instance. When presented with a Facebook personality quiz created by the University, you could rightly assume your data was safe, right?

Wrong.

Last spring, New Scientist reported the sensitive personality data of 3M Cambridge quiz users had been exposed through public-facing login credentials on the code-sharing website, GitHub.

Consider, also, a New York Times report that Cambridge psychology professor, Aleksandr Kogan, then created an app that similarly harvested Facebook user personality data—data that influenced the most consequential presidential election of any of our lifetimes. (Cambridge Analytica, anyone?)

Of course, Facebook quizzes launched by cybercriminals are lurking out there, too. No, these aren’t quizzes hacked together by suspicious neighbor kids in the dark recesses of their parents’ basements. There is a vast criminal network that inhabits the Dark Web and traffics in your data—and their social engineering campaigns are not only growing increasingly sophisticated (read: more likely to trick you), but also easier to implement (read: criminals no longer need to be computer scientists to execute campaigns).

In short, by manipulating your innate desire to feel included, connected, and special—these cybercriminals open the door to infecting you with malware and harvesting your data.

What should you do?

For starters, take a hard pass on any future Facebook quizzes that come your way—or quizzes that pop into your feed on any social media channel, for that matter. You don’t need a quiz to tell you which Disney princess you are. I can do that. (You’re Jasmine.)

Next, do a quick Facebook privacy checkup to limit the amount of personal data you have floating out there. As you review it, think about whether you want your phone number, email address, and birth date in the hands of someone skilled at identity theft.

Then, make sure you’ve not only installed anti-virus software on your computer but that it’s up-to-date, as well. This will offer you a degree of protection from the Facebook quizzes that might otherwise infect you with malware or ransomware.

At the end of the day, these lousy, hacked-together Facebook quizzes aren’t worth the risk, so stay away. Goodness knows, they won’t reveal anything I don’t already know about you.

I can see that you’re fabulous all by myself.