Your first pet plus the street you grew up on equals your superhero name. It also equals the answers to two of your bank’s most common security questions. Windscribe VPN CEO Yegor Sak has been sounding the alarm on this exact overlap, and his credibility here isn’t academic — a Greek court dropped criminal charges against him after finding Windscribe had no user logs to surrender. The FTC backs up his warning directly: scammers use quiz answers to secretly tracking users “try and reset your accounts, letting them steal your bank and other account information.”
The Quiz Is the Phish
Nostalgia and social trust are doing the heavy lifting for cybercriminals.
Those “Which 90s sitcom character are you?” and “What’s your drag name?” quizzes generate results from combinations like first pet, birth month, favorite teacher, and childhood street. These are simultaneously the exact knowledge-based authentication prompts used by banks, email providers, and insurance portals. The quizzes work because a friend shared them — not some sketchy stranger in your DMs. That social trust is the whole play. As credit union security guidance bluntly puts it, “Those quizzes you see on social media are one way scammers get security answers they need to steal from you.”
What quiz data lets scammers do:
- Reset bank and email passwords through security questions
- Open new credit lines under your name
- Build targeted phishing profiles from your biographical details
- Launch impersonation attacks using known personal history
- Deliver malware through quiz-adjacent fake login pages, according to McAfee
Here’s the asymmetry that makes this worse than a stolen password: you can reset a password in 90 seconds. You cannot change the street you grew up on or your mother’s maiden name. Ever. These answers are permanent — like handing someone a skeleton key that never expires. The UK’s ICO investigated personality-style apps for mass data harvesting years ago, making viral quizzes the low-budget Cambridge Analytica sequel nobody asked for.
The Fix Is Simple — and Slightly Devious
The smartest thing you can do online this week is lie — strategically.
Update your bank security answers now if you’ve ever played along honestly. Use random strings stored in a password manager — treat those fields like passwords, not diary entries. Enable multi-factor authentication on every financial account. Quiz-harvested data becomes nearly useless when a hardware key or authenticator app stands between a scammer and your money. Lock down your social profiles too: birthdate, hometown, and family connections are all high-value targets.
The era of “share everything, it’s fun” is over for anyone paying attention. Treat every quiz prompt with the same suspicion you’d give a phishing email — because functionally, that’s exactly what it is.
