In Pictures: How to Spot a Social Media Scam
Social networking sites such as Facebook and Twitter are breeding grounds for phishing, clickjacking and social engineering attacks. Here are nine tips for spotting a scam, plus advice for what to do if you fall victim.
Security experts say these attacks are on the rise.
"These criminals are paid to gather email addresses and [to generate] online advertising clickthroughs," says Dhugael McLean, chief security scientist at Support.com. "Social media scams are getting more and more advanced in how they try to trick you," he says.
Here's a look at how you can spot a social media scam, plus tips for what to do if you fall victim.
Be Suspicious of Everything
Whether you're using Facebook, LinkedIn or Twitter, McLean says you need to adopt a new mindset: be suspicious of everything and "surf the Internet defensively."
"You need to treat everything that people post with some level of suspicion," McLean says. "Because there's more bad stuff on social media sites than legitimate stuff, you need to be fundamentally distrustful of what you're seeing on the screen at all times."
Does the Message Provoke?
Whether it's a Facebook post or a direct message via Twitter, McLean suggests you pay careful attention to the structure of the message: If the message is provoking an emotional response, don't click.
"If it's saying something like, 'Hey is this really a picture of you?' or 'See who has unfriended you!' that's what you should zero in on," McLean says. "And always be wary if they're offering something for free."
Know Key Phrases Used in Scams
While the content of social media scams is always changing, McLean says, there are some key phrases you should know.
Watch out for sentences that begin with "Did you know...?" and "Can you believe...?" These phrases, like the messages that provoke, entice you to click when you probably shouldn't.
Hover Over Hyperlinks
Hyperlinks can look like they're taking you one place, but redirect you to another unless you verify the destination, McLean says.
If you encounter a link to a video posted on Facebook or receive a message with hyperlinked text, mouse over it to view the real URL, which will appear at the bottom of your browser.
Shortened URLs, which are most commonly found on Twitter, aren't as easy to discern. For these, try using a URL expander, such as URLex.org, before you click.
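The hover check written out in code, as an added example that is not part of the original article: it compares the address a link displays with the host the browser would actually open, and accepts only an exact match against the two addresses the article names. The function name `checkLink`, the trusted-host list and the `.example` sample links are assumptions constructed for illustration.

```javascript
// Hosts the article names as the only legitimate destinations.
const TRUSTED_HOSTS = ["www.facebook.com", "www.twitter.com"];

// Hypothetical helper: compare what a link shows with where it really goes.
function checkLink(visibleText, href) {
  let url;
  try {
    url = new URL(href);
  } catch (e) {
    return { host: null, trusted: false, findings: ["not a parseable absolute URL"] };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { host: null, trusted: false, findings: ["not a web (http/https) link"] };
  }

  const host = url.hostname.toLowerCase();      // what the browser connects to
  const trusted = TRUSTED_HOSTS.includes(host); // exact match only
  const findings = [];

  // If the visible text is itself a web address, its host must equal the real host.
  const shown = visibleText.trim()
    .match(/^(?:https?:\/\/)?([a-z0-9.-]+\.[a-z]{2,})(?:[\/:?#]|$)/i);
  if (shown && shown[1].toLowerCase() !== host) {
    findings.push(`text shows ${shown[1].toLowerCase()} but link goes to ${host}`);
  }

  // A trusted name that appears in the URL without being the host is a lookalike.
  if (!trusted) {
    for (const t of TRUSTED_HOSTS) {
      const brand = t.replace(/^www\./, "");
      if (href.toLowerCase().includes(brand)) {
        findings.push(`${brand} appears in the URL but is not the host`);
      }
    }
  }

  // Everything before "@" is a username, not the site.
  if (url.username) findings.push("text before @ is a username, real host is " + host);

  return { host, trusted, findings };
}

// Constructed sample links (the .example domains are placeholders).
const samples = [
  ["www.facebook.com", "https://www.facebook.com/video/123"],
  ["https://www.facebook.com/photo", "http://www.facebook.com.login.example/photo"],
  ["See who has unfriended you!", "https://www.twitter.com@scam.example/"],
];
for (const [text, href] of samples) console.log(href, checkLink(text, href));
```

A shortened URL comes back as untrusted with no findings, because its host says nothing about the destination until the link has been expanded.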
Know Where You Are on the Web
If you clicked a suspicious link, what do you do next? McLean says the first step is to verify the Web address.
"If a link sends you to another Webpage and away from Facebook, you're no longer within that security shell," McLean says. And while the site you're sent to may look like Facebook or Twitter, it very well might not be.
"It sounds like one of the simplest things, but double-check that you recognize the Web address, and that it's nothing other than www.facebook.com or www.twitter.com," McLean says. "If you're not aware of where you are, it's like driving around with your eyes closed—you're probably going to hurt yourself."
Never Enter Your Password
Ninety-nine percent of social media scams want you to enter your username and password, McLean says. If you click a link that sends you to a page that prompts you for your password, don't enter it, he says.
"Just close the browser, and there's likely no harm done," McLean says.
You Entered Your Password, Now What?
You clicked a link and entered your password on an illegitimate site, so now what? Immediately change your account's password, McLean says.
One suggestion for developing a good password: Use the color of your first bike and the name of your first pet, plus the last two digits of the year you were born, McLean says.
If you use the compromised password for other sites, be sure you change those, too. "Criminals know to try that password on other sites, and you don't want more accounts hacked," he says.
Use a Secure Browser
Ensuring your browser is up to date is imperative, McLean says, as is steering clear of old Web browser technology.
"Because Internet Explorer is the most popular browser, it's the one that's most open to attacks and vulnerabilities," he says. McLean also warns against Firefox because of how its plugin engine works, favoring Google Chrome as the most-secure browser.
Use Online Resources
There are a number of Websites to help you verify whether a post on social media is a hoax or a scam. Snopes is a resource that tracks Internet scams, rumors and misinformation, and is the first place you should check if you have doubts about something you see, McLean says.
McLean also suggests ScamTrends.com and FBI.gov as additional resources to consult.