Cybercriminals Playing Us For Fools on Social Media

Everything we do on the Internet — making travel plans, keeping in touch with our relatives or seeing what our friends are up to on Facebook — leaves a trail of information about our location, finances and relationships. With cybercrime on the rise and nearly one million new security threats released every single day (viruses, hacks or identify threats), all of our information is at risk of being exposed.

Just as we take steps to protect ourselves offline by installing home security systems or always locking our doors, it’s now more important than ever for us to cover our digital tracks and understand where we might be vulnerable.

However the public undervalued their data in 2014, freely giving away email addresses and login credentials without checking that they were on a legitimate website. If you’re active on social media, chances are you’ve seen one of the following offers appear in your news feeds and timelines:

  • Free smartphones, airline tickets, or gift cards
  • Unbelievable news about celebrities (sex tapes, death)
  • Significant world news (specifically, natural disasters)

While scammers certainly evolved their tactics and ventured onto new platforms in 2014, a lot of their success continues to come from our willingness to fall for predictable and easily avoided scams. Symantec’s Internet Security Threat Report (ISTR) Volume 20 revealed that the big shift in social media scams in 2014 was the uptake in manual sharing scams. This is where people voluntarily and unwittingly share enticing videos, stories, pictures, and offers that actually include links to malicious or affiliate sites.

According to the report, 87 percent of social media scams in Singapore were manually shared, 17 percent higher than the global average. These scams spread rapidly and are lucrative for cybercriminals who take advantage of people’s willingness to trust content shared by their friends.

One such scam in 2014 took advantage of the death of Robin Williams, with a social media post purporting to share his goodbye video. Unwitting users were asked to share the video with their friends before they could view it, and were instructed to fill out surveys, download software, or were redirected to a fake news website. There was no video.

With manual sharing the cybercriminal can sit back and watch users do the work for them — there’s no need for them to perform any hacks. Other social media scams require a bit more work on the part of the criminal. Dating app scams, for example, require users to click through links and sign up for external websites, at which point scammers would then make commission as part of an affiliate programme.

In 2014, the Singapore Police Force revealed that there had been a 62 percent increase in online love scams between 2012 and 2013, and it is no surprise that cybercriminals see the potential for a quick profit via dating apps. Affiliate programmes either pay cybercriminals for every victim that clicks through, or only pay out if the victim signs up and shares credit card information. These pay outs range from $6 to $60, and has become a profitable monetisation strategy for online criminals. As revealed by ISTR Vol.20, this is more profitable than selling stolen information on the black market, with credit card details valued at $0.50 to $20, and stolen email addresses valued at $0.50 to $10 for 1,000 addresses. Another social media platform being exploited by cybercriminals is Instagram, which now has more monthly active users than Twitter. Scams seen on Instagram in 2014 include accounts offering to share their lottery winnings with anyone who follows them and fake accounts that offer gift cards. In these scams, users are asked to follow these fake accounts and share their personal information, such as their email addresses, in return for rewards that don’t exist. With all these risks, what can we do to better safeguard ourselves against these attacks? Some best practices include:

  • Protect yourself. Use a comprehensive Internet security solution that includes capabilities for maximum protection against malicious code and other threats.
  • Update regularly. Keep your system, programme, and virus definitions up-to-date.
  • Be wary of scareware tactics. Versions of software that claim to be free, cracked or pirated can expose you to malware or social engineering attacks, which attempt to trick you into thinking your computer is infected and getting you to pay money to have it removed
  • Use an effective password policy. Use complex passwords (upper/lowercase and punctuation) or passphrases.
  • Think before you click. Even when receiving email attachments from trusted users, be suspicious.
  • Guard your personal data. Limit the amount of personal information you make publicly available on the Internet (in particular via social networks).

Always remember — if it looks too good to be true, it probably is. Follow the above tips and don’t be fooled by social media scams.

Sources by: MIS Asia

Share it with your friend...

Not Our Partner?
Please contact us at [email protected] to know more about
our premium partners program today!