Top Social Media Scams in 2016

— December 16, 2016

Top Social Media Scams in 2016

Scammers are taking advantage of unsuspecting victims in the social media space. Social media scams can be especially daunting because they can take on many forms – from illegitimate friend requests to hacked profiles and malicious link attachments.

As the year draws to a close, let’s take a look at the most prominent social media scams of 2016 to prepare ourselves for the upcoming year.


FACEBOOK

#1: Facebook Friend Impersonator

How It Works:
Users receive a message from a long-time friend on Facebook where he or she claims to have won a large amount of money. They indicate that the victim has been included in the list of winners and urges them to pay a “shipping fee” to receive the money.

Why It’s Dangerous:
Often times, these social media scams occur after an account has been hacked or fallen victim to digital kidnapping. Scammers may also send the target a friend request prior to sending the message, allowing them to access the personal information they would otherwise not be able to view. As a result, this social media scam can also lead to identity theft, fraud and digital kidnapping.

#2: Facebook Phishing Scam

How It Works:
Users receive an inbox message saying that they have been mentioned in a comment (– mentions are typically delivered through notifications). Scammers send these inbox messages to trick victims into clicking a malicious link. By clicking the link, victims download a Trojan horse onto their computer, as well as a malicious Chrome extension. Once victims log into Facebook through the infected browser, scammers capture their login credentials.

Why It’s Dangerous:
Social media scams like these collect Facebook credentials with the purpose of taking over accounts. Once accounts have been hijacked, scammers are able to change profile settings, steal personal information and spread the malicious software to others through the hacked profile.


TWITTER

#1: Illegitimate Direct Messages

How It Works:
Users receive direct messages that urge them to click on shortened links sent as either part of the message or as an attachment. These messages prompt the user to click on the link, usually under the guise that the link leads to a funny or embarrassing picture of the target.

Why It’s Dangerous:
Most of the time, these links lead to phishing pages, emulating Twitter’s login page to steal login credentials. Once scammers gain access to an individual’s profile, they can steal personal information as well as spread the scam to others through the hacked page.

#2: Money-Making Schemes

How It Works:
The most common money-making scam on Twitter is the “Twitter Cash Starter Kit.” Fake promotional profiles convince users to purchase a “starter kit” that guarantees fast cash. Victims will pay an initial fee for the kit itself by entering their debit or credit card information. However, victims find that their cards are charged a hidden “membership” fee of $ 50+ each month after initial signup.

Why It’s Dangerous:
Not only can scammers capture sensitive payment card information, they can also make fraudulent charges to victims’ cards. Consequently, victims can be subjected to overdraft fees, credit score damage and even credit being fraudulently opened in their name.


LINKEDIN

#1: Fake Job Offers

How It Works:
Scammers pose as job recruiters that send messages regarding high-paying job offers. Typically, these jobs will be advertised as work-from-home or remote positions. Scammers may even conduct fake phone interviews to convince victims of the company’s legitimacy. After collecting personal information from job applications, victims will be “hired” for a short period of time before being “laid off” or “fired,” with no paycheck to be found.

Why It’s Dangerous:
These social media scams target individuals for their personal information (particularly Social Security numbers, birth dates and financial information), as well as scam victims out of their money through fake application and processing fees. Once scammers have successfully collected a victim’s information or funds, these types of scams can be hard to trace if the company’s existence disappears altogether.

#2: Spearphishing/Whaling Scams

How It Works:
Scammers collect information from both individual and company profiles to launch spearphishing (phishing attacks directed at individuals) and whaling (phishing attacks directed at executives or companies) attacks. By getting to know their targets, criminals increase their chances of carrying out a successful scam.

Why It’s Dangerous:
Corporate data is much more valuable on the black market than individual data. As a result, scammers target employees and company pages to gain access to sensitive business and financial information. If employees link their personal pages to company profiles or reuse login credentials, scammers may be able gain access to multiple accounts at once.


INSTAGRAM

#1: Fake Advertising Deals

How It Works:
Scammers send direct messages to targeted victims with advertising deals that seem too good to be true. These social media scams convince users to pay through PayPal for advertisements that will never appear on pages that either do not exist or are not owned by the person of contact. Scammers can also price up these advertisement deals, legitimate or not, convincing users to make transactions through PayPal’s “Friends and Family” option. After payment, criminals will refuse to honor the deal.

Why It’s Dangerous:
Transactions carried out through the “Friends and Family” option are not protected by PayPal, as opposed to payments made through “Pay for Goods and Service.” Scammers convince victims to pay through the “Friends and Family” option because victims will not be able to file a claim about the fraudulent transaction.

#2: Selling Account Scam

How It Works:
This social media scam targets younger users that are seeking to increase their follower base on their pages. Scammers advertise pages that have between 1,000 and 1 million followers for sale, charging individuals hefty fees for the rights and login credentials to the page.

Why It’s Dangerous:
Criminals use accounts that have either been sold or renamed multiple times to avoid being disabled or reported by Instagram. As a result, this scam is difficult to trace, and their fraudulent activity is often overlooked. Once the victim pays the initial fee, scammers will remove the page, fail to send the credentials to the buyer or even leave the buyer to face the consequences of participating in a social media scam. Meanwhile, the scammer has disappeared without a trace.


How can I avoid a social media scam?

Across all platforms, use these tips to help you avoid falling victim to a social media scam:

  • If you don’t know someone, don’t answer. Messages that include attachments or links can often lead to phishing scams or malicious software downloads.
  • Even if you do know them, make sure it’s actually them. If you receive strange messages or friend requests from friends or family members, contact that person directly (outside of social media platforms) to confirm their legitimacy. Often times, scammers will pose as people you know to trick you into opening and interacting with malicious messages.
  • If an insecure site is asking for personal information, leave the site immediately. If you are prompted to enter personal or financial information online, look for the green lock at the top of the address bar. Never enter your sensitive information on unsecured sites.
  • Do your homework. If you receive a job offer through social media platforms, do a simple Google search of the company and the job listing to make sure it is legitimate. If the company or job is difficult to find elsewhere on the Internet, chances are it is fake.

Continue following Fighting Identity Crimes to learn more about how to avoid scams taking over social media, as well as stay up-to-date on the latest breach and scam events in the news.

Digital & Social Articles on Business 2 Community

Author: John Burcham

View full profile ›

(15)