Social media has become an important staple in many of our lives. It allows us to share photos with family, stay in touch with friends, and stay up to date on local and national news.
Due to the sheer number of people who use sites like Facebook, Twitter, Instagram, and Pinterest, social media is the perfect platform for criminals to seek their next victims. If enough people click on a malicious link, for example-- one that hijacks your account and reposts itself, the scam can self-replicate on its own with no additional effort for the criminal. This snowball effect goes viral and can sweep through the entire social media community. From the hacker's point of view, it can't possibly get any easier than this.
Another massive benefit to criminals seeking victims through social media is the trust that we've formed with our social media connections. If a friend's account is hacked and posts a malicious link, there's very little way to tell if it's a legitimate post. Does my friend want me to read this article? What kind of video are they trying to share? We generally trust our friends, and we're likely to click on a link they posted.
Clean up your browser and prevent future scams
For the past five years, Cisco has identified Facebook as the most common way that criminals hacked into accounts and computer systems. As the number of internet crimes committed on social media increases, it's important that you know what to look for. Here are a few of the most common scams that occur on social media.
Clickbait is a form of "bait and switch" advertising designed to lure users into clicking on a link to read, view, or listen to content by providing an attractive but overinflated or misleading headline. Essentially, they post something surprising, outrageous, or otherwise interesting (but sometimes not totally accurate) to get people to click on a link.
Clickbait tactics are used both by legitimate and malicious users. Legitimate clickbait articles (think Buzzfeed and Upworthy) typically include many ads that provide the site owner with revenue each time someone views or clicks on an advertisement. Their content is engaging (super helpful life hacks, heartwarming stories, etc), but it can sometimes be annoying scrolling through an endless stream of ads.
Malicious clickbait, however, carries a variety of possible consequences, including malware downloads, phishing attempts, and scams. One such scam goes something like this: Adam saw a post from his friend Pete titled, "See backstage photos from yesterday's concert!" Adam was really curious about what concert Pete went to and what he saw backstage, so he clicked on the link. When he clicked on the link, Adam was prompted to sign into his Facebook account. He thought, "Huh, that's weird. I wonder how I got kicked out of Facebook. I thought I was already logged in" and proceeds to enter his Facebook login information to sign back in and get back to browsing. He never did see those photos, but he didn't think much of it and continued scrolling.
In this scenario, Pete's Facebook account was hacked, and he didn't actually post the post about the concert, but Adam didn't know this. When Adam clicked on the link to learn more about the concert Pete attended and was prompted to sign into his Facebook account, he wasn't on Facebook at all, but on a phishing website designed to look identical to Facebook. When he entered his Facebook username and password, he provided his login information to a criminal who would then use that information to post similar things on Adam's Facebook page so that he could trick Adam's friends.
These types of scams work particularly well because they prey on curiosity and the trust built between two people.
Another way that criminals find additional victims is by impersonating those whose accounts they have compromised or by creating a clone of another person's account. Then, preying on the trust built between
In one example, Amy received a message from her friend Carol. In the message, Carol states that she lost her purse while on vacation and needs $500 wired to help cover her hotel stay so that she can come home, and then she'll pay her back as soon as she returns home. While Amy and Carol haven't spoken recently, Amy and Carol used to be close, so she sees no reason not to trust Carol and sends her the money. In this scenario, Carol's Facebook account was compromised. It wasn't actually Carol who requested the funds, and Amy was tricked into sending money to a scammer that she'll never be able to recover. It's also highly likely that the hacker also messaged more of Carol's friends with the same story.
These types of scams work well for criminals because they prey on the trust built between two people and our desire to stay connected to those who aren't necessarily a part of our daily lives any longer.
Catfishing & Romance Scams
With groups and pages to cover nearly any interest, one could have, more and more people are finding friendships and relationships online. It's estimated that by 2040, 70% of all singles will seek love online. Scammers have capitalized on this by conning people seeking love and friendship online.
Catfishing is a type of harassment that occurs online when someone creates a fake identity online for the purpose of starting a friendship or relationship. Then, they use this relationship and the trust built to scam people out of their money. This method takes more time than the impersonation scam mentioned above because the scammer must take time to build a level of trust. However, using this method, they have full control of their fabricated identity and past.
In one example, Kevin received a friend request from Sarah, who he hasn't met before. After Kevin accepts the friend request, he and Sarah begin messaging each other for hours. The conversation is flowing, and the two get along really well. After a while, they decide that they'd like to meet. Sarah sends Kevin a check to cover his travel expenses so he can come to her but has to ask him to send the money back because she got laid off from her job and needs the money for rent & groceries. Kevin already deposited the check, so he wires Sarah money so she'll receive it in time to pay her bills. After a couple of days, Kevin's bank calls to let him know that the check he deposited was fake, and he had to repay that money to the bank. On top of losing that money, Sarah hasn't responded to any of his messages.
Catfishing scams are particularly effective because the criminal takes the time to build trust with their victim. Most of us wouldn't suspect a cybercriminal to take so much time to build up to a scam.
Quizzes & Polls
We've all seen those quizzes and polls on Facebook. What is your spirit animal? Test your IQ! We can guess your career with only 5 questions! Curious to see how we line up with our friends, many of us click on these quizzes & polls. What harm can it cause?
Andrew clicked on one such quiz. He answered each of the questions, curious to learn what his IQ was. After several minutes of answering questions, he reached the final page of the quiz. There, it asked for his name, email address, and phone number so the website could text or email the quiz results. Andrew doesn't regularly share this information on random sites because he's more technology savvy than that. Still, he just spent 20 minutes answering questions and wanted to know how his IQ stacked up to others, so he decided, "Eh, I guess I'll enter my information. If they start sending annoying spam emails, I'll just mark them as spam or unsubscribe from them. He got his results and was pleased with the outcome. The only problem was that when his next phone bill came, he suddenly had a $30 charge for a messaging service that he didn't sign up for. Not only did the app provide him with his IQ score and a bunch of scammy emails, but it also signed him up for a messaging service that he didn't authorize, and now he's stuck with the bill and the trouble of unsubscribing to the service.
These types of scams work well because they play into our curiosity (and sometimes sheer boredom).
Surveys seem like a great way to learn more about friends and share information about yourself with friends. They help us find people with whom we share similar interests and sometimes create some friendly rivalries.
Joanna saw a fun survey that her friend Nicole posted on her timeline. It was pretty basic and included questions like What is your age? In what town were you born? What street did you grow up on? What was the name of your first pet? Joanna had some time to kill and wanted to play along, so she decided to copy & paste the survey, then overwrite Nicole's answers with her own. She happily updated her Facebook status with the survey and saw that several of her friends had liked the post, added comments, and completed the survey on their own. What Joanna didn't consider at the time was that many of the survey questions she answered were also common security questions. The information she posted in what seemed like a harmless Facebook survey was a huge help to cybercriminals when asked to answer security questions while hacking into her bank account.
How Can I Protect Myself From Social Media Scams?
Always check the URL before entering your login information.
Barring technical problems affecting the login page of a website (which are rare), you shouldn't be asked to sign back into the same site you were just using after clicking on a link. Sure, the page might appear legitimate, but this should set off major red flags. Before entering your login information, always check the URL of the website to ensure that it matches the site you intend to use. Be careful of minor misspellings or similar variations, such as faecbook.com (2 letters switched) instead of facebook.com or login-twitter.com vs. twitter.com.
Don't Accept Friend Requests From People You Don't Know
Think about all of the information you share with your friends and loved ones. Do you really want a stranger to know where you live, where your kids go to school, or what restaurants you frequent? Even if you have friends in common with someone, if you don't know them, don't accept their friend request. Your friend may not actually know them either and may have unknowingly accepted a friend request from a hacker or predator. Set Your Social Media Accounts to Private Each website provides users with privacy controls. Ensuring that the information you share isn't available to the public and that you're sharing only with those you trust, you effectively keep much of your information safe from criminals.
Install Browser Protection
Browser protection is among the cutting edge of online safety technology. Products like Guardio scan each of the websites that you visit and extensions that you add to ensure that they're free of malicious code and scams. They catch things like phishing pages and keyloggers that often go unnoticed, even to the savviest individuals. When a malicious site or extension is found, these products block the offending website or extension and let you know why. They also alert you when a website that you're visiting is still too new to be trusted. Browser Protection keeps you safe by stopping threats BEFORE they reach your device, instead of afterward like traditional antivirus solutions.