The following meme, and many others like it, are perpetually common on social media sites:
The basic claim being made is that these weird “question posts” you see all the time, that always get like a million replies, are secretly the way that hackers gain access to your personal information. This is a type of attack called social engineering. They learn enough about you to be able to guess your passwords — and once they have your passwords, the basic strategy is to log into your financial services and transfer your money to themselves.
This is (almost) entirely false.
The question posts do exist and are popular, but it’s for a good reason that has nothing to do with hacking. They simply drive a lot of engagement. They’re fun to answer (my “porn name” according to this meme is Andrew Rabbit). Engagement keeps people on Facebook incrementally longer, which drives more exposure to ads, and thus more revenue. That’s all. There’s nothing more nefarious to it than that.
Social engineering as a hacking method does exist, but it’s extremely rare. It’s rare because it’s labor intensive, thus inefficient. It’s really only done when there is a specific high-value individual being targeted for a specific purpose; someone who justifies a team of people spending weeks trying to guess his passwords. There are also better ways to target specific individuals, e.g. spear phishing.
In fact, the top image on the meme — a hacker dude sitting at his console — is more likely the cause of your breach. He’s launching massive high volume automated attacks that target millions of people. Every day his database fills up with valid email/password combinations, and often with 2FA verification methods (like cell phone numbers) as well.
If you or someone you know have been one of his victims, it was almost certainly via one of these four methods: