June 17, 2016, Stickley on Security
Cyber criminals will use whatever they can think of to try to get your online banking credentials or other information they can sell on the dark web. Here are five ways they use social media scams to do it and how you can avoid giving up your information, in no particular order.
Commenting To Legitimate Articles
- They use the comments to news articles and popular posts on Facebook by adding their own posts with a conveniently clickable link included. Those who click the link may be taking to fake websites or presented a form for which the user is supposed to enter information. Often the links are accompanied by catchy headlines (click bait) themselves.
- They create fake customer service accounts on Twitter, Facebook, LinkedIn, or other social media that pretend to help customer. For example, they may see a Twitter user complaining about not being able to reach a representative. They reply to that user with a post that includes a link to another site where the user is led to believe he or she will get assistance. Unfortunately, the link really is phony and asks for login credentials and/or other sensitive information.
Create Accounts With Sound-A-Like Names
- They create social media accounts using names that sound like legitimate companies, such as Netflix and offer discounts. When users click links included in these, they are asked for account information or other details that can be sold.
- They use fake online surveys and polls to trick users into inputting information that can be later sold or used for fraud. An example is setting up a realistic news story and asking what users think. A link is included, naturally, but it goes to a fake site where personal information is requested. Often the “surveys” promise a chance to win a fabulous prize.
Request Your Personal Information
- They pretend to offer live streaming of big events, such as the Olympics or other popular sporting events. Often they attach a link to a posted story about the event that is on Facebook. However, when the included links are clicked, a request for personal information appears claiming the video cannot play until they are entered.
Avoid these scams by not clicking links or putting information into any form that appears as a result of clicking links. If you need to reach your financial institution or other organization for any kind of support, contact them directly using information from their website that you have previously bookmarked. Alternately, type the name of the site into the browser manually.
View any comment posted in social media that claims to help you or offer you something sensational with suspicion. If you want to stream an event, go to the website of a well-known and trusted source to get there, such as the major sports broadcasting companies, media outlets, or television networks.
Use apps that are downloaded from the official app stores for your devices. These are typically put under additional scrutiny for security before being allowed into the app stores. Sideloading,downloading apps from places other than the app stores is not recommended because it introduces additional risk of executing malware on your devices.
As always, make sure all internet-connected devices have anti-malware installed and it is kept updated. Also, keep all your software and operating systems updated with the latest critical and security patches. While these actions don’t guarantee malware won’t be installed or a vulnerability won’t be exploited, they reduce your risk significantly and it’s worth the relatively small effort versus dealing with malware.
© Copyright 2016 Stickley on Security
Jim Stickley has stolen credit cards, hacked Social Security numbers, robbed banks, and created fake ATMs. He is an identity thief, but he is no criminal. Fortunately for all victims involved, Stickley is a cyber security expert with over 20 years in the industry who was hired to perform these attacks by corporations testing their security. His job is to find security flaws before the real criminals find them and warn people and organizations about what they can do to protect themselves.