The Dark Side of Social Media

Our brains are hard-wired to believe. We take in information literally and then evaluate it against our knowledge to decide whether or not it is true. For a moment, no matter how brief, humans will believe anything that they are told. This belief is compounded if the source of the information is someone that we know, trust, or respect.

Consider the famous Nigerian Prince Scam, a simple, fraudulent e-mail that promises a future cash reward in exchange for a small advance payment. Of course, the scam is ridiculous but, according to historians a version of the scam has been used by con artists for over 200 years. Now, social media has opened up a whole new industry for cyber-criminals and while e-mail spam is decreasing in frequency, social media is ripe with scammers looking to make a quick buck.

Social Media Affiliate Programs

social media scams

Through affiliate programs, scammers can trick you into participating in a survey and/or signing up for a premium service. In this way, scammers collect your info and make money.

All scams have one thing in common, the goal is to make money and social media scams are no different. Most commonly, social media fraudsters monetize their efforts through participation in affiliate programs. These are incentive programs in which companies pay “affiliates” for driving traffic to their website. For instance, some unsuspecting person sees an ad for a free $1,000 gift card if they will only enter their e-mail address. When they enter their e-mail address and click submit, they have earned a referral fee for a criminal. They will never see the gift card because it never existed. It was only a ploy to get personal information.

Common Social Media Scams

Facebook, Instagram, Twitter and all other social media platforms have changed the way people interact socially and professionally. We crave likes, comments, and re-tweets like a pregnant woman craves pickles and ice cream. We are able to follow our best friends and favorite celebrities and interact with them on a daily basis. All of these benefits are noticed by scammers who use them to their advantage when designing their schemes.

Facebook scam

Manual sharing plots are the most common and rely on social media users to spread. Usually, scammers will embed links to an affiliate site or malware inside of videos, pictures, or fake offers meant to entice people into unknowingly sharing the links with their friends. Fake offering scams are related and request social media users to join fake groups or events and share personal information in exchange for a free gift. Together, manual sharing and fake offering scams made up 93% of social media threats.

Phishing

Another type of cyber-fraud, phishing is the collection of personal information for the purposes of moneymaking. In regards to social media, phishing links are almost always hidden behind a hook (pun intended) such as a shocking news story or outlandish celebrity scandal. Once a user clicks on the link, they will be taken to a phishing site where they will be asked to login before they can proceed. Criminals will take the login information and hack other accounts for which the user has the same password (Apple ID, Bank Accounts, E-mail, Cloud Storage, etc.)

What is phishing

How to Protect Yourself

Knowledge and preparation are the two most important defenses against social media scams. While on social media, watch out for sensationalized stories, wild celebrity news, and offers for free money. Instead of clicking on links within social media, search for the stories on reputable news sites to see if they are legitimate. Also, never fill out a form unless you are certain the transaction is secure. Cyber-criminals are very creative and can use just about any personal information against you to make money for themselves.

Android Antivirus

Android Security Suite

In terms of preparation, one of the best investments a social media user can make is an antivirus app that can recognize threats. Apps like Android Security Suite that offers 24/7 real-time protection provides the most comprehensive protection and download directly to your device. Good antimalware will scan and detect malicious websites, phishing sites, and viruses to protect your device and your personal information from falling into the wrong hands.

Tips to Prevent Online Christmas Scams

ugg_browser_extension
“All that glitters is not gold” and when it comes to online scams, Christmas shoppers must watch out for “too good to be true” bargains that could end up hurting their wallets.

According to research conducted in 2013 on behalf of FFA UK by ICM in the UK, online scams cost shoppers $15 million dollars. These people were victims of “vishing” a fraud method that attempts to get personal or financial information via telephone when fraudsters act as technical support agents or sales people.

With cyber Monday and the Christmas shopping season, cybercriminals are offering all kinds of products at very low prices. The website Get Safe Online published a list of the top five most risky items in which you can find Smartphones at the top, followed by game consoles, Ugg boots, Barbour jackets and iPads.

Remember, if it sounds too good to be true, it’s probably a scam or fake item.

Learn how to protect yourself when shopping online:

• If you get a call asking you to confirm a purchase, don’t reveal your bank account or shopping details since this is the way most fraudsters work. Just hang up and call your bank from a different phone to make sure everything is ok.
• Check your bank account regularly and make sure that your bank has your contact numbers so they can alert you if anything unusual or suspicious happens.
• Always make sure web URLs start with “https”, pay close attention to the “S” at the end. If the site doesn’t have the S nor the gold padlock icon, avoid shopping from that website.
• For banking or shopping, only use official online websites and mobile apps.
• Type the address of your bank or online shop directly into your browser. Never use a link from your email to go to your bank website nor should you open attached files that ask for personal information.
• If you own or are in the market for a new smartphone or tablet, protect it by downloading MyAntiTheft with MyAntiVirus and make sure it’s safeguarded with a PIN.
• In regards to online auctions and high value items, make sure you see the product before sending money. Use secure payment methods like PayPal instead of paying individual sellers.
• Once all your shopping or banking sessions are done and you followed this online safety guide, log out of the website or app. Also keep every purchase confirmation email.

You might be giving consent to phishing on your mobile device or computer

News about phishing is published constantly on the Internet and TV, warning people about several threats detected every day in emails, phone calls, social engineering, webpages and social media such as Facebook.

However, not everybody pays attention to this news since the majority are not aware of what phishing really is or what it looks like.

Phishing is an online scam designed by cybercriminals to steal money and personal information from your computer or mobile device, ironically, with your consent.

The way criminals do this is by posing like a legitimate company, organization or bank in order collect sensitive information such as usernames, passwords, credit card details and in some cases money.

The best way to avoid being a victim of phishing is by knowing how to recognize it. The following are examples of the most common ways criminals attack:

Phishing Email:
When you get an email from your bank, social media account, school, etc. requesting verification or some kind of urgent action, pay attention to the following signs to detect phishing:

Email Phishing

Generic greeting: since email phishing is sent in large quantities, criminals use generic names such as “Dear valued costumer”. If you don’t see your name in the email, be suspicious.

Forged Link: Phishing is all about posing as a legitimate company, that’s why emails will look exactly as the genuine company layout. Pay attention to the links that they are asking you to go to, and read if they are actually going to the company’s site or to any other random, unfamiliar one. Another way to do this is by looking at the URL, in most cases the URL should start with “https”, the s stands for secure and if you don’t see it, don’t proceed.

Request sensitive information: If an email is requesting sensitive information such as ID data, credit cards or passwords it is probably phishing. Pay even more attention to the URL or link you are at.

Sense of urgency: Cybercriminals want to get your information ASAP. That’s why they will create threatening or confusing messages to get you to act immediately.

Phishing website:

2-16-2013 2-39-23 PM

Poor resolution: This websites are usually poor quality. Be suspicious if the logo, text or resolution is poor.

Forged URL: Some webpages will masquerade their URL with names similar to the company, however always look for the s in “Https” that will tell you if the webpage is secure. Also, look out for URLs that begin with an IP address, such as: http://12.34.56.78/firstgenericbank/account-update/ — these are likely phishes.

Forged URL’s cannot show a domain path, what this means if you are at “http://www.paypal.com” and entering information, be cautious. There should usually be more to the URL. Paypal would not have you enter any information on their home page! This is a masqueraded URL!

Social Media Phishing:

twitter2-phish-small-private-with-direct-message-v3

Phishing in social media is increasing since people are more social and trusting. Cybercriminals know that and are pushing messages containing threats that accounts will be blocked if users don’t verify information, or promising interesting content such as games, videos or pictures.

So, be aware and pay attention to URLs, layouts, and the types of information you are required to give. Be cautious and keep your antivirus, such as MyAntivirus, updated and running since they can detect scams like phishing and malware behind it.