Earlier this year I started seeing a silly quiz coming from friends on Facebook. It was a post titled "Concerts I've been to but one is a lie". Their post went on to show 10 bands that they may or may not have seen in concert and it was my job to correctly identify the one they did not see.
It was fun and interesting and soon all of my friends were posting and sharing it.
As crazy as this might sound, a hacker could take that information and use it to reset and steal your passwords. Dr. Andrew Selepak, a social media professor at the University of Florida, told me how it works.
"Sometimes companies will ask 'what is the first concert that you went to' as one of your password questions," he said.
You've seen those security questions that ask for a secret answer in order to reset a password. Sometimes it's your first concert, sometimes it's a favorite pet or teacher and sometimes it's your mother's maiden name. If a hacker were to target you for identity theft and had access to these silly posts, they'd get a head start in gaining access to an account.
"So technically you could be giving up some of your password information by indicating who your favorite musician is or the first concert you attended," Selepak said.
The chance of that actually happening to you is very small, but we have to remember that hackers get paid to steal information. It is their 9-to-5 job. They'll scan the internet looking for a potential victim and then methodically try this and other tactics to access your accounts.
Facebook is fraught with other frauds and scams. Another common tactic is called "Like Farming". This scam doesn't actually set out to steal your passwords, but it can send you posts and links whose end game is infecting your computer with malware, ransomware or spamware.
This scam usually involves headlines that are designed to gather likes or shares. One such headline and post was shared by one of my Facebook friends in the last week. It was a photo of a young woman with a birthmark on her face. The caption read "my mother doesn't think I'll get any likes because I'm disable and people don't like disables". The post asks for likes, shares and amens. At present, this post has over 20,000 likes and over 64,000 shares.
By clicking on the post you are sent to the Facebook page of a company or person who posts photos of disabled women they've found on the internet. The captions are almost always the same and always ask for shares, likes or comments. In a 'like farm', the pages seek to build up hundreds or thousands of page likes.
When enough likes are gathered, the page's owner will sell the page to another company that will send out spam or malware links to those who liked the original page. It also can make money for those companies by gaining likes.
"Anyone can create a Facebook ad with just a couple of dollars," Selepak said. "Which can take you to a website which could, all of a sudden, download malware onto your computer."
To protect yourself, your computer and your friends, it's best to ignore attention-grabbing posts asking for likes, shares, comments and amens. It's also good to beware of any shared posts that use 'Jesus' or 'God' in the title. Hackers have learned that religious posts such as these often influence how people share or comment.
It's also a good practice to only accept friend requests from people you know. A hacker posing as a friend can see everything you post.