Social media has completely transformed our lives and made the world a more connected place. There are over 3.725 billion active social media users worldwide, and new platforms are emerging all the time to keep up with our insatiable appetite to connect and share with others.
Despite all the benefits that this interconnectivity brings, the massive growth in social media has led to a huge upsurge in social media scams. Criminals are constantly finding new ways to exploit these platforms to defraud and scam as many people as they can.
Social media-enabled crimes are generating revenues of at least $3.25bn for the global cybercrime economy annually, and according to a recent report from Bromium, 1 in 8 organisations have experienced a security breach as a result of a social media-directed cyber attack.
Techniques and scams are evolving all the time, but we’ve highlighted 5 of the most common social media scams and how you can avoid them.
Finding love in the digital age has never been easier with the multitude of social media sites and online dating apps. Fraudsters have been quick to take advantage of this online quest for love by launching a range of different scams to con people out of money. In fact, figures from the FTC suggest that over $143 million was lost to romance scams in 2018, more than any other type of consumer fraud.
‘Catfishing’ is the act of creating a false identity online in the hope of luring someone into a romantic relationship. Typically, the catfish will create a fake profile using someone else’s photo and personal details. Once they have established their victim’s trust, they’ll start to talk about financial hardships and the inevitable requests for money will begin. Red flags that you’re dealing with a fraudster include getting personal too fast, avoiding detailed questions, a generic profile, fake photos, requests for money, and a refusal to meet in person.
Facebook and Twitter are awash with quizzes like ‘Who’s your celebrity soulmate?’, ‘What does your star sign say about you?’ or ‘What city are you meant to live in?’. They may seem like a bit of harmless fun, but fraudsters will often use these catchy titles as a way of stealing your data or infecting your device with malware. The answers you provide to seemingly innocent questions such as ‘What city were you born in?’ or ‘What’s your pet’s name?’, are often answers to common security questions used to secure accounts. Once hackers have access to this valuable information, they can attempt to compromise your online identity.
Even if the quiz is legitimate, you will usually have to agree to the site’s terms and conditions which often grant third-party access to your social media profiles, contact lists and other information that can be used in targeted ads. You should avoid taking any of these short quizzes on social media and be highly sceptical if you’re asked to provide any personal information.
Shortened URLs are frequently used on sites like Twitter where you are limited in space. Cybercriminals will often use these shortened URLs as a way of disguising phishing links and malicious websites. By hiding the true URL, users are unable to check the validity of the link and could be directed to a site that infects their device with malware.
This has proved a very effective way to scam people, but fortunately there are a few ways to check whether a link is malicious without actually clicking on it. You can copy and paste the link into sites like ExpandURL or Google Safe Browsing, which will verify whether the link is legitimate and free from malware. They will also provide you with information on the title, description and keywords of the webpage, and let you know if the site is safe to visit.
Profile hijacking happens when a fraudster takes over a social media account to use it for their own devious means. There are a couple of variations of this scam. A near-identical account may be set up using an individual’s photo, personal details and location. The idea is to trick other users into thinking they are a trustworthy source, then attempt to befriend them and spread malicious links.
Alternatively, hackers may break into an existing profile and change the password to scam friends and contacts. Often, one of the first signs that your account has been hacked is when a friend notifies you that they’ve received a strange message from you with a dubious link. If this happens, you should contact your social media platform to request a password reset and follow their advice on what steps to take next.
How to avoid being scammed on social media
- Don’t click on suspicious links – Be wary of any posts or messages that ask you to click on a link. Even if you know the person, pay close attention to the language and tone of the message. If something seems even the slightest bit off, ignore and delete the message.
- Provide limited information – The amount of personal information you have to provide on social media profiles is optional, so avoid sharing sensitive information such as your home address and phone number.
- Don’t accept friend requests from strangers – If you accept a friend request from someone you’re not familiar with, they can access all the personal details on your profile, your contact lists, and build a detailed picture of your online social activity.
- Do your research – Check the person is genuine by looking up their name, profile picture or any other information they’ve provided you with. If you suspect the photo is fake, you can do a reverse image search using TinEye or Google’s reverse image search. These search engines will show where the photo originated from and where it’s been used.
- Use strong and unique passwords – Using the same password across multiple accounts greatly increases your chance of being hacked. You should use a unique password for each social media account and make it as strong and secure as possible. For extra security, you can use a password manager, which provides a centralised and encrypted location that keeps a record of all your passwords.
- Use enhanced privacy settings – Regularly check and adjust your privacy settings to restrict what people can and can’t see on your profile. You should also restrict permissions for apps to access your personal information.
- Enable Two-Factor Authentication – Most social media sites offer Two-Factor Authentication (2FA). This provides an extra layer of security to your online accounts and means that even if someone steals or guesses your password, they won’t be able to access your account without a second authenticating factor.
- Install anti-virus software – The installation of anti-virus software will help detect threats on your computer and block unauthorised users from gaining access.
- Keep operating systems up to date – It’s important to ensure that your software is regularly updated to prevent hackers from gaining access to your device through vulnerabilities in older and outdated systems.
- Don’t use public Wi-Fi to log in to social media sites – These open networks often have unencrypted connections and are vulnerable to being hacked.