The digital age has led to people becoming more active on social media than anywhere else. This presents phishers with a golden opportunity to come up with different social media phishing scams. According to the Federal Trade Commission, more than 95,000 people reported $750 million in losses in 2021 due to fraud on social media platforms. Even more concerning is that these numbers have seen more than a 100% rise from the previous year’s numbers. All this points to one thing – we need to be aware of common scams and how to steer clear of these traps. Let’s understand the basics of social media phishing first.
Social media phishing is when cybercriminals attempt to trick victims into revealing personal information by creating a fake sense of urgency. This fake sense of urgency causes victims to take quick action instead of considering whether the message is suspicious. The personal information is then typically used to extract money. For example, someone posts a comment on your friend’s profile, saying, “I saved my profile from Instagram’s latest account deletion drive. Save your account today,” along with a link. Once you open that link, these scammers harvest important information like your financial details and answers to security questions, and you start losing money quickly. These scams have even reached businesses, leading them to use emerging technologies like CAASM.
A social media phisher often creates fake profiles and malicious websites to send requests and DMs to innocent people asking them to visit a link or reply with personal data. These scams typically try to:
- Steal your financial credentials
- Impersonate you and get in contact with your friends
- Get access to your social accounts
- Infect your device with malware
- Impersonate someone you know
Gone are the days when you had to be aware of phishing emails alone. Now these scams have reached every social media network you’re on. Here are some common scams and how to counter them.
A common Instagram phishing scam involves sending a DM to your account, prompting you to take action before your account gets suspended.
Sometimes, these DMs come from accounts with thousands of followers and look real. For example, the account in this message had over 151,000 followers. When you click on the link, you’ll be asked to share your username, password, and email address. If you have the same password for your email, it gives the phisher a great scamming opportunity, as emails are generally used for identity verification.
How to identify and counter this scam?
- Read the message thoroughly. The title “Hi Instagram User” itself seems off.
- Check the domain name before sharing any details. If it’s something other than “www.instagram.com,” block the sender immediately.
- Never click on any links you’re not sure about.
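The domain check from the list above can be done mechanically before a link is opened. The following Python code is an added example, not part of the original article: `check_link`, `OFFICIAL_HOSTS` and the `.example` sample links are constructed for illustration, and the https-only and look-alike-letter rules are assumptions that go slightly beyond the article's advice.

```python
from urllib.parse import urlsplit

# Assumption: the only hosts treated as genuine for this check.
OFFICIAL_HOSTS = {"www.instagram.com", "instagram.com"}

# Constructed sample links (the .example hosts are placeholders, not real sites).
SAMPLES = [
    "https://www.instagram.com/accounts/login/",
    "https://www.instagram.com.account-help.example/login",  # real name used as a prefix
    "https://www.instagram.com@account-help.example/login",  # real name placed before '@'
    "https://www.instagr\u0430m.example/login",              # Cyrillic 'a' look-alike
    "http://www.instagram.com/",                             # right host, no TLS
]

def check_link(url, official_hosts=OFFICIAL_HOSTS):
    """Return 'ok' or a short reason why the link should not be trusted."""
    try:
        parts = urlsplit(url.strip())
        # hostname is lower-cased and excludes port and userinfo
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "unparseable URL"
    if parts.scheme != "https":
        return "not an https link"
    if parts.username is not None or parts.password is not None:
        # Text before '@' is login info, not the site; the real host follows it.
        return "credentials-style prefix before '@'"
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return "non-ASCII or punycode host (possible look-alike letters)"
    if host not in official_hosts:
        # Exact match only: 'www.instagram.com.<something>' is a different site.
        return "host is " + host + ", not an official host"
    return "ok"

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_link(link), "<-", link)
```

The comparison is an exact match on the parsed host rather than a substring search, which is why a link that merely contains “www.instagram.com” somewhere in it is still rejected.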
Have you ever scrolled through Facebook and come across seemingly harmless quizzes? Those “just for fun” or “see which Marvel character matches your personality” quizzes can extract meaningful information.
Some of these questions are common security questions that are often used for your banking, insurance, or email accounts.
How to identify and counter this scam?
- If you participate in a quiz, ensure you’re not sharing answers to common security questions like your pet’s name, the street you grew up on, or who your first best friend was.
- Don’t add too many personal details to your profile.
- Always look at the profile that created the quiz. Is it a brand you trust?
Many of us use LinkedIn to search and apply for jobs. A common LinkedIn phishing scam targets job seekers by posing as legitimate recruiters and employers. They set up job boards or send DMs asking you to apply for a job at their company. You may even be emailed with a link to upload your CV.
These job offers usually sound very lucrative (flexible work timings, multiple job benefits, a long vacation period, etc.) and create a sense of fake urgency – “We want to hire someone very quickly.” Once you click the link, they may ask you to share your financial details to check your credit score or extract other personal information.
How to identify and counter this scam?
- Beware of someone using their personal email address. Most recruiters have a professional email address that goes by “firstname.lastname@example.org.”
- Review job postings thoroughly. Check if there’s a lack of information about the company, any typos or errors, and if there are any suspicious terms like “wire transfer.”
- Research the company’s social profiles and how new the recruiter’s profile on LinkedIn is.
We all look up to social accounts that have a blue tick – showing that the account is verified and authentic. But with the introduction of Twitter Blue, people could subscribe by paying a certain fee and get a blue tick. This led to a new phishing scam. The confusion around the process led to many phishers imitating Twitter representatives and aiming to steal the usernames and passwords of account holders who wished to get verified.
How to identify and counter this scam?
- Set up two-factor verification and double-check the email address that sends you such an email.
- Check for grammatical errors. If the email/form comes from Twitter, it should have no errors.
- Buy the subscription only from Twitter’s website.
As the time spent on social media keeps increasing, we need to be more cautious of the different phishing scams taking place and avoid them successfully. Here are some final quick best practices to stay safe from phishing:
- Don’t use the same username and password for all your social accounts. If one gets stolen, you put all your accounts at risk.
- Use security measures like two-factor authentication, strong passwords, and encryption.
- Don’t accept requests from strangers/shady profiles.
- Avoid publicly sharing your personal information on social media.
- Never click on links that lead you to websites you don’t know.
- Block and report fake profiles so others don’t fall victim to these same scams.
Now you’re all set to spot phishing scams and protect your account against privacy theft. It’s time to focus on building a strong social media presence.
Author bio: Carl Torrence is a Content Marketer at Marketing Digest. His core expertise lies in developing data-driven content for brands, SaaS businesses, and agencies. In his free time, he enjoys binge-watching time-travel movies and listening to Linkin Park and Coldplay albums.
Twitter – https://twitter.com/torrence_carl
LinkedIn – https://www.linkedin.com/in/torrence-carl/