While awareness of phishing scams through email is high, many people are ignorant of the risks they face on social media platforms. Cunning cybercriminals exploit these conduits for social networking by employing social engineering techniques to trick victims. And, because people use social media platforms to relax, communicate with friends, and interact with large brands, they often drop their guard.
Social media scams have skyrocketed in the last few years. Total reported losses were $134 million in 2019, and reached $117 million in just the first six months of 2020, according to a Federal Trade Commission (FTC) report. The variety of scams you can run into on social media is astounding, so it’s vital to develop secure habits. We’re going to explain how some common scams work and offer up advice to help you avoid them.
Think Before Clicking
While many scams lurk on social media platforms, the most common rely on the target clicking on a link. Links appear in posts or via various types of message and often lead to fake login pages designed to steal usernames and passwords. A major reason that social media platforms are ideal for scammers is that people commonly use URL shortening services that obscure links.
One very popular Twitter scam starts with an email notification claiming you have received a direct message, but if you click the link in the email it takes you to a fake Twitter login page. Once the cybercriminals have your Twitter login, they can use the same technique to trick your followers by sending direct messages in Twitter that appear to come from you.
Sometimes links will directly trigger malware downloads that install keyloggers to record your keystrokes and Trojan programs to send the data back to cybercriminals. Malicious links are often represented as YouTube videos, but clicking to view them prompts the installation of an update or software that will supposedly let you view the video. Sometimes a claim that the video is hosted elsewhere because of copyright issues is used as an excuse to persuade victims to click the link and trigger the malware download.
Fake Products Or Services
Just because you see an ad for something on Facebook or another social media platform doesn’t mean that it’s legitimate. Scammers will sometimes set up elaborate ecommerce websites with advertising campaigns on social media for goods or services that are extremely low quality, or that simply never get delivered. They might collect orders promising a tech product at a low price or guaranteeing thousands of new followers, but after you pay, they disappear with your cash.
Online shopping fraud topped the FTC list of social media scams in early 2020, with 28% of reports complaining about goods that were ordered but never received. Scammers can employ highly targeted advertising through platforms like Instagram and Facebook to reach likely victims with professional-looking adverts. Sadly, scammers can simply delete any negative comments on their ads, so that fresh victims don’t realize it’s a scam.
Personal Messages And Romance Scams
The theft of login details allows scammers to do a little research and devise even more sophisticated scams. As an example, a cybercriminal may send messages from an account to a relative claiming to be stranded somewhere and appealing for them to send cash to help. And if they’re patient, they can up the plausibility of the scam by doing a bit of sleuthing and running the scam when the owner of the stolen account is genuinely traveling. Remember that you may not realize your account has been hacked until it’s too late.
Romance scams are also commonplace on social media. Scammers create a false account or use a hacked account to block the original owner and then catfish unsuspecting victims. They pose as someone else and reel their victim into a romance, often inventing whole lives and carrying on conversations back and forth for months. At some point, when they feel the victim trusts them, there will be an appeal for cash, perhaps for a plane ticket to visit or vital healthcare.
Competitions, Quizzes, And Job Ads
Another way that sneaky scammers collect information is through the use of competitions and quizzes. Popular on social media, the promise of a potential prize or a diverting bit of ‘innocent’ fun is often enough to persuade people to reveal personal information. Sometimes granting permissions to apps on social media platforms will give the developers access to personal information and contacts. Some scams request bank information before you can claim your prize.
While people typically imagine professional platforms like LinkedIn are more trustworthy, they can also be manipulated by scammers. You may get a contact request from someone who supposedly works at the same company as you, but it’s best to do a little homework and verify people are who they say they are before you accept. Some scammers prey on job seekers with fake job ads that request all sorts of personal information.
Don’t make it easy for scammers on social media. Take some time to review your privacy settings, think about what you share, who you connect with, and always be careful where you click.
About the Author
Perry Carpenter is the author of Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors (Wiley, 2019). He is Chief Evangelist and Security Officer for KnowBe4, the world's largest security awareness training and simulated phishing platform. He holds an MS in Information Assurance (MSIA) from Norwich University and is a Certified Chief Information Security Officer (C|CISO).