The Dangers of Internet Quizzes

Are Facebook Quizzes Really Harmless?

People LOVE taking Social Media Quizzes.  Sites like Buzzfeed have entire sections devoted to quizzes.  Facebook timelines are filled with results shared from various quiz-hosting sites.  Quizzes and tests can be great traffic drivers, and from a marketing standpoint, they can be very beneficial to your site.  But what about from a user standpoint?  Are there any dangers of taking these internet tests and sharing the results?  The answer, unfortunately, is neither yes nor no.  There can be great dangers in taking these internet quizzes, or they may be completely harmless.  If you scrutinize before you click, you can easily learn the difference.

What Are Some of the Dangers of Taking a Quiz?

The dangers fall into several categories.  Again, a quiz site may be harmless, and none of these dangers may apply.  Or it may be a complete and total scam site, out to cause you harm.  Most quiz sites fall somewhere between these two extremes. The trick, as with any internet activity, is to be savvy.  You need to arm yourself with the knowledge to evaluate the risks of each individual quiz. This list is by no means inclusive.  It only describes SOME of the dangers you may encounter.

Shady Websites

Whenever you click through from a site, you need to be cautious.  Contrary to popular belief, Facebook does NOT screen outgoing links.  Almost every quiz result shared to Social Media requires you to click through to another site,  That site may be dodgy, or it may be completely legitimate, Signs of a bad site include the following:

If It asks you to update ANYTHING...RUN AWAY

If you click through a link, and you suddenly get a message telling you you need to update or install anything to participate, close the window immediately.  Run a malware scan to be safe.  

You might see a message telling you your Flash is out of date. and asking you to click to update it.  Chances are that link will NOT lead to a flash update, but rather, to malware.  Likewise, if it asks you to install a codec or download a certain video player, get the heck out of there.  Quiz sites are a major avenue for hackers to install key loggers, Trojans, and even ransomware.  Often, these are delivered through bogus update prompts.  

If a site asks you to update your browser, to update windows, or to reset anything, run away fast.  A stupid quiz is NOT worth the health of your computer.

It Asks For Too Many Permissions

Another red flag is when a website asks for too many permissions. This ESPECIALLY applies to logging in with a Social Media Account.  Many shady sites require you log in with Google, Facebook, Twitter, Pinterest, or Instagram.  The log-in box that follows SHOULD list the permissions the app is requesting.  Pay attention to what permissions they want. Many want to scan your system, your contacts, your messages, etc.  This should be a warning sign the app is up to no good. Ask yourself exactly WHY they need the permissions they seek, and what they might do with those permissions once you grant them.  Why do they need to scan your photos or post on your behalf? What might they do with your friends list once they have it?  If your gut tells you an app is asking for too much, it probably is.  Click on out of there.

Data Mining

Even if a quiz and its host are not looking to plant malware, at the very least, it is mining your data. What it does with that data can vary.  Minimally, they're collecting information to sell to marketers. They may plant a cookie that follows you as you surf the net, helping marketers better target advertising.  They may be harvesting information for "targeted lists" they sell to others.  Or they may be compiling information to sell to hackers, spammers, and phone pests.

Most of those free sites you use engage in some form of information gathering.  Data mining is one of the costs of using the Internet, and especially of using Social Media. Data mining to better tailor marketing is unavoidable, and not something you need to fret about too much.  However, not all data mining is harmless.  What you need to watch for are sites using it for nefarious purposes.

A quiz site completely absent of advertising is more likely to be aggressively mining information.  Something has to pay for the site and the resources it uses.  In many cases, your own personal information is what is paying the site's bills.

Again, this list is not meant to be exhaustive.  The bad guys find new ways to use your data every day.  But we do not have to keep facilitating the use of  our own information against us.  

Cloned Accounts

  

Many quizzes, and also "like farming" pages, are set up for the specific purpose of account cloning. How many of us have accepted a duplicate friend request, thinking someone had just started a new account, only to be spammed by a faker?  Often, the cloner gathered the information they needed from nefarious Facebook Quizzes.  Remember when you gave them permission to scan your photos, posts, and friend lists to determine "Who Would Be In Your Wild West Posse?"  When you took that quiz, you just gave the bad guys the information they need to clone your account.  And remember when you shared your result how you gave them permission to post as you?  Well, you just gave them the means to spam both you and all those friends you let them scan.  And all because you wanted to know "Who Would be in Your Rock Band."

Spam and Ads

Remember how you gave them permission to scan your public profile?  And how you logged in with Facebook?  They probably now have your e-mail address, mailing address, and phone numbers.  And they can put them on those lists they sell marketers.  Remember that loophole in the "Do Not Call List" that says they can call you if they have an "established relationship?"  Well, buried somewhere in their Terms of Services is a clause establishing this relationship.  Yes, this is likely how Rachael from Card Services got your contact information.

Impersonating You on the Internet

You probably hang out in several online communities, some of which you frequent more than others.  How would you like to drop in to a forum, comments section, etc. and see that you had been spamming your cohorts with sunglasses ads and work at home schemes all week?  Only it wasn't you?  

"I got hacked!" you try to explain.  "I swear guys, it wasn't me..."

No, it was someone you gave all your info to in exchange for some bogus quiz results.  They used that data to impersonate you in places you previously held some esteem.

Identity Theft

Many bad guys create quizzes to gather the information they need to impersonate us.  What we think of as fun, personality questions are VERY useful in a Social Engineering attack.  When you took that "What Singer Do You Look Like" quiz, you let them scan your photos and your posts.  And you participated in that "10 Bands" trope.  Now, when THEY call Amazon Customer Service to have reset YOUR password, they're successful because they can correctly answer most of your security questions. They were questions on one of those tests you took.

"First Concert?  What did I put for that?  Was it Journey or the Police?  No?  Little Feat then...that's right!  The name of my Best Friend?  Let me see, who was in that posse of mine?"  

The more of these tests you take, the easier it is for someone to impersonate you.  How they use that information may destroy you.  Breaking into your Facebook is bad.  How would you feel if they broke into your PayPal or your bank account?  How would you feel if they hacked into your iTunes or Amazon and spent all sorts of money?  You might feel even worse if you traced it back to some rogue quiz or Facebook app.

How Do I Tell A Good Quiz From a Bad One?

First, assume ALL quizzes are mining your data.  The quiz sponsor may not be data mining, but chances are the quiz host is.  Be wary of ALL widgets and click-throughs when it comes to internet tests. Assume you are giving up marketing profile information at the very least.  However, you give up this information EVERY time you interact with a free service of any kind.  If you are using the Internet, you can assume much of this data is being gathered already.  This is not all bad.  The way I see it, I'd much rather see ads for alternative music and jam bands than for country or rap.  I'd rather see ads for drugstore makeup than ads for Chanel.  

Something has to pay for all this free stuff on the web.  In most cases, that is advertising. I give up aggregate information every day.  Let's face it; most of this data is available in public databases anyway.  But I am aware of what I am giving up in exchange for what I am getting back.  I'd rather trade my information for a free sample than for quiz results any day.

An upcoming article will review ONE specific quiz-hosting website called Quibblo.  This article reviews the specifics of things to watch out for, in-depth.  But in short, much information can be gleaned from the Terms of Service and Privacy Policy sections of a website.

Most legitimate websites have links to the Terms of Service and Privacy Policy in the footer area. (For blogs and content hosted on other platforms, the site must conform to the host's Privacy Policy.  For example, this blog adheres to Blogger's Privacy Policy, as well as having our own.) If a quiz site is missing either of these links, run away.  If it asks for too many permissions or starts getting too personal, run away.  If it makes you click through 2 or three things before getting to either the quiz or the results, flee.  And of course all of the rules that apply to evaluating e-mail apply to quiz sites as well.

If a site is full of grammatical and/or spelling errors, beyond a couple of typos, it's a sign it's probably sketchy.  If it is full of too many "shortened" or masked links, it's probably trying to hide something.  If it warns you about missing plug-ins or outdated software, it's a sign it's probably trying to trick you.  And if a site tries to trick you in any way, it's probably a sign it's up to no good.

What About Buzzfeed?

Buzzfeed is data mining, but not individually.  They're aggregating data to sell.  Why do you think they have so many polls about "Favorite Fast Foods," or "Do you apply makeup like everyone else?" But their quizzes are amongst the most harmless on the internet.  They are silly and have absolutely no validity or basis in fact or theory, but they are harmless.  You probably won't get hacked, cloned, or have your computer blow up because you decided to take a Buzzfeed quiz.  However, if another quiz site has planted a tracking cookie or a "remarketing pixel" on your system, they're seeing which Buzzfeed quizzes you are taking, and your results if you decide to share them, so there is that. The bad guys still might get some valuable info from those Buzzfeed results.  Again, that is a reason to avoid those dodgy quiz sites to begin with.

Upcoming:A Review of a Popular Quiz Hosting Site

Stay tuned to this blog for a review of Quibblo, a popular quiz hosting site I began investigating as a possible marketing resource for bloggers.  This article will review exactly the kinds of things you need to look for in a site's terms. 

Your Thoughts? 

I'd love to hear your thoughts on Internet Quizzes.  Are you an avid quiz taker? Were you aware of some of the associated risks?  Do you think these dangers are overblown?  Do you look at a site's terms before taking a test?  Let me know in the comments.  I'd love to hear thoughts on both sides of the issue.