Social Media Threats and Scams
We’ve all heard that social media websites such as Facebook, Twitter, Instagram and others can be a treasure trove for hackers. Each day millions of people post comments, photos and videos that are accessed by friends, family and the general public. With all this traffic, it goes without saying, “bad things are going to happen once in a while”. Trouble is, more and more threats and scams are surfacing on social media than ever before, new scams are becoming commonplace. To stay safe, you need to know what to look for. Here’s a short list of some common scams and threats and how to avoid them.
Fake Offering – These scams invite users to join a fake event or group with incentives such as free gift cards. Joining often requires the user to sign up using their Facebook credentials, doing so exposes their user name and password to the scammers. Or, the signup process requires the user to send a text message to a number that turns out to be a premium rate number. Your cell phone bill will see the charge.
Likejacking – Using fake “Like” buttons, attackers trick users into clicking website buttons that install malware and may post updates on a user’s newsfeed, spreading the attack.
Fake Apps – Users are invited to subscribe to an application that appears to be integrated for use with a social network. However, the app turns out to be malware designed to steal your credentials and/or personal data.
It’s not what it appears to be – many scams and threats are well disguised links and photos that look like they were posted and shared by your friends. Sharing type scams are numerous, here’s a few you should be aware of….
Most scams are just interested in getting your clicks. They just want you to visit a site; every time you do the click rate increases and the scammer get more ad dollars from their advertisers. These scams are quite benign. But some aren’t. In 2014 a Facebook scam redirected a link to a malicious site that downloaded malware that gave the attackers control of your computer, allowing them to use your computer to send spam.
Another scam exploited our fear of identity theft. The scammers sent messages that claimed a purchase was made on your iCloud account from an unknown device. A fake link to an Apple website was included in the message, with a request to check your iCloud account information. When the user clicked on the link, you were directed to a site that looked very much like the Apple site, however, when you entered your Apple login username and password, the scammers now had your credentials.
Surveys and Pop Quizzes are another way the scammers get you to fall for their trap. A friend posts a link to a site that rates your eating habits and provides a health index score. To get your score you have to submit your cell number, your score will be sent as a text message. What you didn’t know is that the message comes from a premium service number that will charge you $7.95 or more on your next cell phone bill.
Hidden URL’s, otherwise known as shortened URL’s are becoming more common, you see them everywhere on Twitter. Here’s an example, this link is to the Great Lakes blog post on Windows 10. It’s long, too long to include in a Twitter Tweet.
http://www.greatlakesits.com/#!Windows-10Is-it-Right-for-e/c231l/55e5effa0cf2c1d1fd667878
When you post a link like this in Twitter, it automatically gets shortened to something that looks like this. http://sp.lu/5j8Dk89 These shorter links can be useful, but they can also be dangerous. You just don’t know where they will take you. Be careful what you click on.
As recently as a couple weeks ago, a new Trojan is making its way across Facebook. The malware spreads itself by posting a video that has tagged a few of your friends. When your friend opens the video to have it play, it immediately stops and informs the user that Flash player must be updated. When the user clicks on the fake Flash player link, it downloads the malware onto the computer. The Trojan has already infected over 100,000 Facebook users.
So, there are obviously lots of ways to fall prey on social networks. What can you do to stay safe? Here are eight things to keep in mind.
Keep your personal information private: Be careful what information you share and post online. Don’t assume that only your friends can see your information. Don’t post sensitive data such as: date of birth, address, or other identifying information. Set your online social networking profiles to private: Don’t share account details with anyone. Don’t assume your friend’s computers are as secure as yours.
Use strong passwords. Always use a minimum of 8 characters, more is better. Use a minimum of upper and lower case along with numbers and special characters.
Be careful with new apps. Some apps allow you to sign in via your Facebook or Twitter account. When you do this, you are essentially granting access to an unknown entity or person. Always Google any new app to see what other users have posted, if it’s not trustworthy, others will have posted comments to that effect.
Don’t access social networking sites on public computers. Use your own computer or smartphone instead of the computers at libraries and other public places.
Only real friends: Most of us want to be friends with everyone we meet…don’t. Your friends on social media sites should be real friends.
Teach your children. Kids need to be made aware of the dangers that can surface on social networks. Take the time to teach them.
Watch what you click on. A suspicious link can spell trouble, even the ones that look legit may not be. Be wary.
For more information specific to Facebook, check out the Facebook Scam Alert page. https://www.facebook.com/scamdb/?fref=ts
