True North Networks Blog
Don't Fall Victim To These Common Social Networking Scams
When we consider phishing scams, we tend to think about email, but many cybercriminals target popular social media channels to hook their prey. The central goal is still to persuade someone to click a link, reveal logins and passwords or share other sensitive details. Victims may unwittingly trigger the download of malware, installing keyloggers that record keystrokes and Trojans that send them to cybercriminals. Sometimes victims will enter login details into fake websites or answer queries that are presented as legitimate requests or fun activities, like quizzes.
Social networking is all about interacting with people, and familiarity with social media platforms can cause us to let our guard down. It's easy to emulate official services like Twitter or Facebook, and hacked accounts can be leveraged to cause all sorts of mischief.
In this article, we're going to delve into some common scams on four of the most popular social media platforms.
Typical Facebook Phishing Scams
As the largest social media platform on earth, Facebook has become an all too popular hunting ground for cybercriminals. Despite Facebook's efforts to combat spam and scams, it remains a hotbed for phishing attacks. There are many kinds of phishing scenarios at play on Facebook.
Cybercriminals will often send emails that purport to come from Facebook and closely imitate the look of genuine emails. These phishing emails will typically include an alarming message stating that your password has been reset and you must click on a link or open an attachment to sort things out or risk losing access to your account.
Invariably, the link or attachment triggers malware. But this kind of thing is a typical email phishing ploy that's counting on your familiarity with, and trust in, Facebook.
Some of the sneakier phishing attacks will use the platform itself. You may be befriended by fake accounts that cybercriminals have set up specifically to harvest personal details.
Hacked accounts are frequently used to post malicious links that may direct people to fake login pages. If the victim enters their email address and password, the scammer gains access to their account and personal details, and can use the account to scam all of their contacts in a similar manner.
You're much more likely to click a link when it appears to have been posted by a trusted friend or family member. Some scammers use hacked accounts to appeal to family and friends for money transfers. If the cybercriminal is smart, they will wait until someone is traveling, then send an instant message through Facebook posing as the person, explaining that they've run into trouble, and appealing to family or friends for help. Usually, a link will be offered to make the cash transfer.
Even those apparently innocuous quizzes that people do for a bit of fun, such as "What Star Wars character are you?" may be data grabs from unscrupulous third-party developers. This can lead to the sale of your personal details and endless spam. If these shenanigans didn't work, they wouldn't exist.
Anatomy Of A Twitter Phish
Starting out with a phishing email to collect Twitter login details, cybercriminals can then use any accounts they've gained access to and send direct messages to the contacts of those people to trick them into clicking links. Because Twitter has a character limit on tweets, it's also easy for cybercriminals to hide dodgy links using services like bit.ly to shorten the URL and hide the real address.
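An added example, not part of the original article: Python that flags the two link tricks described above, shortened URLs that hide the real address and hosts that imitate a platform's login page. The shortener list, brand list and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed lists for this example; extend them for your own environment.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}
BRANDS = {
    "facebook": {"facebook.com"},
    "twitter": {"twitter.com"},
    "linkedin": {"linkedin.com"},
    "youtube": {"youtube.com"},
}


def triage_link(url):
    """Return a list of reasons to distrust a link before anyone clicks it."""
    # Links pasted into messages often lack a scheme ("bit.ly/abc").
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ["no-host"]

    findings = []
    # "https://twitter.com@login.example/": the real host follows the "@".
    if parts.username is not None:
        findings.append("userinfo")
    # A shortener hides the destination, so the link cannot be judged by eye.
    bare = host[4:] if host.startswith("www.") else host
    if bare in SHORTENERS:
        findings.append("shortened")
    # Brand name in the host, but the host is not the brand's domain or a
    # subdomain of it: the usual shape of a fake login page address.
    for brand, domains in BRANDS.items():
        genuine = any(host == d or host.endswith("." + d) for d in domains)
        if brand in host and not genuine:
            findings.append("lookalike:" + brand)
    if parts.scheme and parts.scheme != "https":
        findings.append("no-https")
    return findings


if __name__ == "__main__":
    for sample in (
        "https://www.facebook.com/login",                        # genuine
        "bit.ly/3abcXYZ",                                        # constructed
        "http://facebook.com.account-verify.example/login",      # constructed
        "https://twitter.com@login.example/reset",               # constructed
    ):
        print(sample, "->", triage_link(sample) or "no findings")
```

An empty result only means none of these checks fired; a "shortened" finding means the destination still has to be expanded and checked before the link is trusted.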
Another common scam on Twitter is to offer thousands of followers, sometimes even targeted demographics that businesses may covet. If you're persuaded to make a payment, you can end up at risk of identity theft. There's also a good chance, even if you do gain extra followers, that they'll be associated with fake accounts, which can lead to a Twitter ban.
Phishing On YouTube
Many scams on YouTube focus on the pursuit of more views, promising traffic increases or more subscribers if you hand over your YouTube account details and credit card number. This can lead to identity theft, your account being used to scam others or malware infection — sometimes all three.
Some scams exploit major events, such as natural disasters or terrorist attacks, to persuade you to click on a link to view a video that has supposedly been removed from YouTube for copyright reasons. This might trigger a pop-up window that insists you need to install a toolbar to watch the video or a survey that must be completed. In either case, you'll end up with malware on your system, or your personal details being used to hack your accounts or steal your identity.
Phishing Lures On LinkedIn
Even LinkedIn, the social network of choice for businesspeople, isn't immune to phishing scams. Cybercriminals will frequently create false profiles, even posing as co-workers, to connect with you and gain access to your personal data. Sometimes the scammers will join group discussions and post malicious links that purport to be lucrative job offers or fake online application forms that can be used to harvest personal data.
These are just four popular platform examples of clicking gone wrong. If you've ever posted on Craigslist, then you've probably been targeted with an offer to send you money, usually more than your asking price, and often without the person ever actually seeing the item for sale, in exchange for some personal details like your home address. If it sounds too good to be true, it always is.
In every case, you can protect yourself by maintaining a natural cynicism plus cautious distrust. Guard your personal information, be wary about who you connect with and, if in doubt, trust your instincts.
Our next article in the series will look at even more tips for how to protect yourself from social media scams.