People who are active on social media may have seen or even participated in quizzes, games, or surveys that encourage people to share fun information with others. Unfortunately, these activities are sometimes part of social engineering scam attempts, and participation can pose a big security risk by soliciting personal information. 

Some examples of questions asked in these social media activities are: What vehicle did you learn to drive stick shift on? What was the name of your first pet? What is the name of the road you grew up on? 

Writing comments online in answer to such questions can be fun, but answers may inadvertently give away answers to common security questions. This can allow scammers to gain access to information that lets them log on to personal sites – online or mobile banking sites, for example, where account holders are often asked to answer verification questions about their identity before logging on.  

How to protect yourself from data-harvesting schemes? 

Don’t participate. Perhaps the most simple and obvious way for people to protect themselves from these scam attempts is to not participate. The best thing to do is block these posts and warn others of the potential risks. 

Enable two-factor authentication. Anyone who thinks they may have overshared information in the past should consider enabling two-factor authentication on all of their accounts. Two-factor authentication only allows access to accounts after entering a username and password, then by completing another prompt – such as a code received via text or email, or a scanned fingerprint. Without having access to the authentication method, a fraudster can’t access the accounts. 

Change security questions. To limit the threat of a fraudster accessing information and accounts, it’s OK to make up answers to the verification questions, as long as users can remember them or store them on a secured password manager. Setting a random answer to add an extra layer of security can prevent identity theft. To report identity theft, go to www.IdentityTheft.gov.