Example of phishing Facebook questions

March 7, 2022, by Helen Whitehead

Why you should never reveal your SPY, SUPERHERO or ROCKSTAR name

You’ve seen it on Facebook loads of times (the examples are not real!). Questions like these:

What’s your SPY name (middle name and current street name), e.g., Jane Middleham

What’s your JEDI name (middle name spelled backwards, your mother’s maiden name spelled backwards): e.g., Enaj NosnhoJ

Your SUPERHERO name: (“The”, your favourite colour and your first car): e.g., The Purple Astra

And many others… Sometimes they are stacked up in an email or Facebook post: “fill in your answers and tag a friend”. Or there might be straight-out questions posted from what look like friendly community accounts: “If you got married in the same place you met, where would you have got married?” Or “How many miles have you moved from where you were born?”

Now think about your passwords, and the security questions you answer to recover your passwords – for work, study, banking… They are very possibly the same kinds of answers! Yet literally millions of people have answered these silly questions on Facebook or elsewhere and in the process given away their security answers. And by doing so they’ve extended the reach of the questions to their own networks, and encouraged even more people to give away their security. And once it’s out there, it’s out there and all you can do is never use that answer for a security question again.

Never answer these questions, especially not now. It seems like a bit of fun – but it could be a first step in stealing your identity.

There are other things to be aware of in trying to avoid cyber fraud.

Learn how to detect phishing emails as well as spam. The fraudsters are getting better – many of the emails now look very plausible and the spelling isn’t as obviously bad as it used to be. Hovering over a URL can help you see if it’s not actually the claimed website address, but the fraudsters can often use domain names that are very similar. Be very suspicious. The University has advice on how to spot and deal with phishing emails.

Verify payment details. If anyone says that a payment you’re about to make should go into a different account, beware. I’ve heard of companies losing large amounts of money paying invoices into the wrong account. Staff and students at universities have ended up having salary or grants diverted to a fraudster’s account.

Fraud can involve WhatsApp or WeChat or other social media and people pretending to be not only delivery personnel but family members. Or a colleague or manager’s account has been hacked because they answered one of those silly quizzes, and they’re asking you for something unusual… In another example, we know that international students on visas have been targeted by phone and text fraud. The Home Office or UKVI will never call an international student to request personal details or payments. Be sure to verify independently that anyone phoning is who they say they are, by ringing them back on publicly available phone numbers or the number you have for them.

More on keeping yourself and your details secure can be found on the University’s IT Security pages but please never answer one of those phishing questions again!
