Why the '10 concerts' meme could be putting you at risk

Emma Woollacott

For the last week or so, a new meme has been sweeping Facebook: '10 Concerts I've Been To, One is a Lie'.

The idea is to list ten concerts of which you've been to only nine, challenging your friends to work out which one isn't true.

It's an appealing meme, giving people the chance to reminisce - and to subtly show off about the nine they really did attend.

But security experts are warning that you may want to steer clear of taking part, as the information you're providing could be useful to hackers.

Scamwatch: Facebook charity fraud

As University of Washington professor Kate Starbird has pointed out, many security systems ask for the first concert you attended as a way of verifying your identity. Any hackers having read your list have a very good chance of getting that question right.

And it's not just the specific facts that you provide that could be of use to cyber criminals, as your list can reveal a lot more about you than you might think.

Social media is leaving you vulnerable to scammers

"In its essence, it could simply be a fun, low-investment way to get to know your network and stimulate conversations. But, in some cases, memes can be deceptively dangerous," says Brian Solis, principal analyst at tech consultancy Altimeter.

"When live shows are added to other information from a user's profile, hackers can then approximate age, interests, religion, et cetera, to gain access to everything from your password to your financial information and more."

New 'BT' scam: claims scammer is accessing your internet

Even more dangerous are the memes that claim to reveal your true personality if you click on a link to fill in a quiz - which Roman goddess you'd be, for example, or the colour of your 'spirit aura'.

"Just visiting the page can download malware onto your computer, including Trojans," says Jeannie Warner of White Hat Security.

"These days, malware isn't just delivered via emails – it can trigger just from landing on an unsafe page."

Experts advise being very cautious about what you reveal online. Alternatively, you can take the opposite approach, and simply lie when it comes to security questions. Solis recommends, for example, telling your bank that your mother's maiden name was 'eggs benedict' or similar - not something a hacker could ever work out.