Due to its wealth of personal information, social media has become a valuable tool for fraudsters to carry out their social engineering attacks. These scams are committed on social networking sites where scammers often create fake profiles, befriend innocent people, and send spam messages or links that lead to malicious websites.
Fraudsters will often use the information contained on various social media platforms and pretend to be a trusted person and encourage users to disclose their confidential information or to take specific action (e.g. send a payment).
Scammers can also make adverts or posts appear genuine by using official brand logos and made-up terms and conditions. These often appear as special offers or contests, tricking you into entering your personal and financial information. Some common types of social scams are:
Email Notification Phishing
Social media revolves around notifications. Almost every aspect of these platforms can send an update to users to bring them back to the platform or inform them. The point of contact outside the platform is always email, and the template they use is similar and rarely questioned.
Users receiving these email messages often click on the button, taking them to the notification without paying too much attention to the rest of the design. This behaviour is what hackers rely on to get users to click on fraudulent links hidden in the buttons. The site it takes them to is then used to steal sensitive information via a fake password reset scam or malware download.
Facebook Quiz Phishing
Quizzes of all types started popping up all over Facebook, some using platform apps and some hosted on a different website. The titles range from “What type of childhood did you have” to “What kind of driver are you” and seem relatively harmless. However, the questions asked during the quiz are crafted to make the victim surrender information that is commonly used to answer password security questions. This data is then used to reset the passwords of the victim’s account and take control of it.
While these quizzes may be entertaining, it’s best not to answer them since it’s too difficult to determine which ones are legitimate. It’s also ideal to keep your social media account private to strangers and never state identifying information in your image captions (make and model of your first car, address of your house growing up, etc.).
LinkedIn Fake Job Scam
In recent years, the job market has been on fire and employers are constantly on the lookout for qualified individuals. LinkedIn has allowed the recruitment process to become highly streamlined. However, it has also allowed scammers to create fraudulent company pages to run fake job scams.
They’ll create a job posting and collect applications or message users to share it with them. Some do this to gather sensitive information to launch phishing attacks later. Others will act as if the victim got the job and mail them a fraudulent check for their first pay, asking them to send back a portion to them for whatever reason.
The check later bounces, the scammer escapes with the money, and the victim is out that amount. A request like this is always a scam, and it’s the best way to spot a fake job offer. This scenario demonstrates why it’s paramount to research any employer before applying for a job to make sure they are legitimate.
The same thing applies to sharing personal information with an employer. Ensure it’s done over secure communication and you fully understand why the employer is asking you for this information.
All social media platforms include some form of direct messaging between users. This functionality has led many scammers to create fake profiles closely reminiscent of their victim’s friends or family. They then ask users to send them money to cover a bill or share a password with them.
Fake social media profiles can be challenging to discern. Depending on the platform, scammers will have collected information such as jobs and city of birth to make profiles look incredibly realistic. Add recent photos, and you could quickly become the victim of a scam.
Fake Customer Support
One of the biggest tasks done on social media is getting direct support from a company. The instantaneous nature of online chats makes them more convenient than long phone calls, and consumers often prefer them. This consumer need has led many companies to start dedicated support accounts.
These accounts are only a stolen logo and description away from hackers scamming people. Using these accounts, criminals will contact people who have requested help, passing as the company. They’ll then direct them to a fake login page to steal their login information. Particularly brazen scammers will even get their victims to pay for repair services.
Here is some advice when faced with possible social scams.
Bank of St Helena would not contact you via social media unless you have made first contact using the channels – Facebook and LinkedIn (links to social media channels can be found on the Bank’s official website). The Bank does not use WhatsApp to contact customers.
Be wary of any posts or messages that ask you to click on a link. Even if you know the person, pay close attention to the language and tone of the message. If something seems even the slightest bit off, ignore and delete the message.
If you accept a friend request from someone you’re not familiar with, they can access all the personal details on your profile, your contact lists, and build a detailed picture of your online social activity.
The amount of personal information you have to provide on social media profiles is optional, so avoid sharing sensitive information such as your home address and phone number.
Check the person is genuine by looking up their name, profile picture or any other information they’ve provided you with.
Regularly check and adjust your privacy settings to restrict what people can and can’t see on your profile. You should also restrict permissions for apps to access your personal information.
Most social media sites offer Two-Factor Authentication. This provides an extra layer of security to your online accounts and means that even if someone steals or guesses your password, they won’t be able to access your account without a second authenticating factor.
Using the same password across multiple accounts greatly increases your chance of being hacked. You should use a unique password for each social media account and make it as strong and secure as possible.