If you're a regular on Facebook, you've probably spotted one of those quizzes that lets users generate funny names for themselves based on a few personal details. If you were born in March, your elf name is Twinkle, and your mother's last name, and so on.
But what seems like a bit of fun might actually be an attempt to by hackers and cyber criminals to obtain personal information that they could use to recover your account details. Over a billion people use Facebook around the globe, which makes the platform an attractive place for those wishing to commit identity theft.
Following a number of people falling victim to identity theft, the Sutton Police Department of Massachusetts issued a warning to Facebook users, asking them not to take part in quizzes or questionnaires unless they trusted the person or company behind it.
“Please beware of some of the posts you comment on," the police department wrote in a viral post that now has over 200,000 shares. "These questionable posts ask who was your first-grade teacher, who was your childhood best friend, what was your first car, your place of birth, your favorite place, your first pet, where did you go on your first flight, etc."
The police department goes on to explain why giving out these seemingly harmless answers could be a terrible idea.
"Those are the same questions asked when setting up accounts as security questions. You are giving out the answers to your security questions without realising it. Hackers are setting these up as a get to know each other better game. Then they build a profile of you from several different data sources. They use this data to hack your accounts or open lines of credit in your name."
The Chief Technologist for the Good Housekeeping Institute reiterated this message:
"A nugget of information in isolation may not seem like a big deal, but combining that with other data out there can result in a more significant threat."
"Be mindful of photos or posts that could give away too much information and consider if you’re posting something that could help locate you offline or make it easier for someone to figure out any of your passwords.”
And elves aren't the only means that criminals use. Reddit user Axle-f shared a photo they spotted on Facebook that could been a similar attempt to obtain information from users. This quiz asked users for their grandparent's name, the names of their pets, and even the street they live on.
"Saw this on a large Facebook & commented that it's a password recovery phish," Axle-f wrote. "No one cared and it's still up with 127 comments thus far."
The Federal Trade Commission has set up a website for anyone who feels their data has been compromised. To prevent accounts from getting compromised in the first place, experts recommend using secure passwords, as well as custom account recovery questions where possible. You can also enable two-factor authentication on most accounts so that login attempts will require access to your cellphone.