While there are an estimated 30,000 daily cyber attacks on business websites, there are roughly ten times as many attacks against social media accounts every single day, equating to roughly 1.4 billion accounts every month.
Social media attacks and scams have become pervasive problems, with threat actors finding innovative new ways to deceive users and steal their information. While social media platforms boast more than 4.59 billion users worldwide, cybercrime on these platforms accounts for over $3.25 billion in annual global revenue. However, not all acts are financially motivated.
In past years, it was hard to visualize the influence that social media platforms would have on individuals and businesses. Many companies now rely heavily on attracting customers and clients through social media advertising, and with billions of potential people to reach, it’s easy to see why. However, there are many fake accounts that populate social media platforms, with criminals operating these profiles looking for ways to exploit new victims.
Scammers use these fake profiles to befriend innocent people and send malicious links disguised cleverly in seemingly innocuous messages. But that is only one of the many ways in which profiles – and by extension, sensitive personal and business information – can be exploited. Businesses often have dedicated in-house marketers that oversee all of their social media account data, including that of their audiences and customers. If these teams are not built in-house, the responsibility is often outsourced to freelancers or professional marketing agencies.
Nonetheless, it is vital to pay close attention to some of the emerging and developing risks associated with using social media platforms, and take steps to safeguard individual privacy, as well as that of businesses. With cyber attacks and breaches on the rise, it’s crucial to spot these types of criminal activity, and understand how best to protect yourself, as well as your organization.
Types of social media scams
- Phishing - These malicious links could be posted in direct messages, emails, stories, or organic posts, which, when clicked, could infect devices with malware or redirect to websites that capture your login details.
- Quizzes and games - Completing quizzes and playing games via social media are very popular, but filling responses with personal information can potentially attract some nefarious actors, even if the quiz or game is genuine.
- Romance - People can receive friend requests and messages from strangers, not realizing that there are scammers behind these profiles. Social engineering tactics like these exploit emotions to the point where the victim will unwittingly reveal sensitive personal or business information, or send money to the flirtatious stranger who fabricates an emergency crisis.
- Ecommerce - People can be lead to genuine-looking online stores and shops and purchase products without checking the authenticity of the platform. These fraudulent sites capture sensitive information, using it to commit theft.
- Charity - Fake charity pleas often make the rounds, particularly during turbulent times of human interest, such as natural disasters or other newsworthy events. Similar to fraudulent shopping sites, these fake charity sites are set up to capture sensitive information of visitors.
- Job offers - While there is evidence that social media recruitment is legitimate, unfortunately, there are plenty of fake jobs, with often exaggerated offerings to pique the interests of eager job seekers. Many people do not verify whether these jobs are genuine via the recruiter or client website, instead filling out web forms and giving someone easy access to their sensitive information.
- Brand collaborations - Influencers rely heavily on collaborations with brands, and genuine partnerships can be hugely beneficial for both parties. However, among legitimate offers will be some phishing links or fake brand deals, making them targets of cybercrime.
- Investment - Sometimes, people may be approached with promises of high returns for an investment. After committing to the investment scheme, it’s common to be met with silence, with no traces of the fraudulent broker.
- App downloads - Some apps may seem legitimate but will actually download malware onto your device. Other apps may sell your data to other providers. Many people do not check the validity of the brands behind these downloads.
How to spot social media scams
Look for the following criteria in a social media profile or message, which will help you determine whether it is legitimate or not.
- The age of the account.
- How many followers an account has.
- Spelling and grammar errors.
- Unnatural language.
- Poor formatting.
- If the profile looks familiar.
- Unsolicited messages with links.
- Requests for money.
- Posts, ads, or redirects to stores with very tempting deals.
- Vehement requests to communicate via text message or phone.
How to avoid becoming a victim of a social media scam
Consider these tips to help you better protect yourself and your business from these social media scams.
- Inspect the URL - Some URLs can be shortened, making it hard to verify their legitimacy. But if the URL doesn’t match the social media platform or company website you’re on, it’s worth closer inspection and possibly avoiding clicking it.
- Check the branding and company website - Enticing posts may be deliberately crafted so users may not easily notice inconsistencies. If the logo and brand look odd, check whether it’s the same on the company's profile and website. Proceed with caution if these assets look sloppy or appear hastily thrown together.
- Provide training for your team - Much like you would provide professional training for upskilling your team in project management, marketing, sales or any important endeavor, consider doing the same for cybersecurity awareness. They will learn all the important aspects of information protection.
- Use strong, unique passwords - Ensure that you are using different passwords for all your online accounts, including email and each social platform. Try using password manager tools to create secure passwords that cybercriminals would be unlikely to crack.
- Enable Multi-Factor Authentication (MFA) - To prevent unwanted logins to your accounts, keep all your login information stored securely, and enable MFA. This will verify your identity prior to allowing access to the account.
- Keep track of third-party apps - You should regularly review which apps and websites are connected to your account in your settings. Terminate access, and delete any that you don’t regularly use. This is an efficient way to prevent unwanted access.
- Avoid strangers and unverified profiles - Legitimate brands on many social media platforms are verified with a blue checkmark next to their names. If they do not have this, there is a chance that they may be fraudulent. Unfortunately, Twitter has recently presented some security concerns with this verification process. Also, do not accept follower or friend requests from people that you do not know.
- Ignore unsolicited messages - Avoid clicking on any link that does not appear legitimate. Whether a link appears in a post in your feed, directly on your page, in a group, or via a direct message or email, always double-check. Unsolicited or malicious links usually include promotional language which can tempt users into clicking, so be wary.
- Make your accounts private - Consider setting your personal and business accounts to private so that only approved followers can see your content and send you messages. This is a good way to avoid being bombarded with constant messages and comments from people you do not recognize.
It’s impossible to avoid the scammers that permeate social media. However, if you are vigilant and pay close attention, you can keep your sensitive information safe and avoid becoming a victim of cybercrime. To further protect your credit, consider adding a credit freeze and fraud alert on your credit accounts.
If your account has been compromised, request a password reset email from the particular provider, force all sessions to log out, and update the email and phone number associated with your account before changing your password and enabling MFA. If you send a scammer money, try to cancel the transaction by contacting your bank. Your local police department may have a cyber fraud department as well where you may report the crime.
In addition, If you suspect you have become a victim of identity theft or fraud, report the fraud to the social media platform where it occurred, collect as much information as possible, and report your case to the Federal Trade Commission.
About the Tripwire Guest Author:
Chester Avey has over 10 years of experience in cybersecurity and business management. Since retiring he enjoys sharing his knowledge and experience through his writing.
Twitter: @ChesterAvey