The seemingly benign quizzes asking personal details take advantage of individuals’ willingness to share and could be used to establish passwords, password hints, and more.
We’ve all seen them – quizzes on Facebook asking everything from which Harry Potter character are you, to what state were you born in, to what was your first pet’s name. It seems that none of the people answering these questions saw the scene in the movie "Now You See Me" where the main characters tricked Arthur Tressler into divulging personal information to be used later against him.
According to security vendor Avast, the new wave of social media quizzes may very well be intent on doing the same thing. “They’re meant to seem so light and fluffy that anyone looking for a boredom-killer might be amused by them. And that’s the point. The creators of these quizzes want them to appear meaningless and harmless. They want everyone to engage whimsically with them. Because in truth, many are phishing attempts at your personal data.”
Because of the seemingly innocent (and entertaining) nature of the quizzes, threat actors using such tactics can easily capture information that is often used as the source of passwords or password reset questions.
Security Awareness Training will help keep employees vigilant against such social engineering tactics, helping to minimize your organization’s threat surface and keep attacks from being successful.