The number of scams and malware taking advantage of social media users and platforms is on the rise. Social media scams are easy to create and can target thousands of people at once due to how users interact with pages, posts, and contacts. Once your account is compromised, malicious actors can leverage it as a conduit to spread scams and malware to your network of friends or contacts. Facebook, Twitter, LinkedIn, and Instagram are a few very common examples of social media sites where you or your account could be at risk. Let’s examine some ways that you can keep your social media accounts safer through smart online practices.
HOW TO IDENTIFY AND PREVENT ATTACKS
Shortened URLs are a common tactic used by scammers to conceal where malicious links lead since some social medial sites have a character limit. A simple scam involves an email with links that are allegedly to posts you have been tagged in. The links will use a URL shortening service to hide the true link destination—a malicious site that can infect your device. To avoid this, do not click on shortened links in emails and social media messages you receive. Instead, copy and paste the shortened URL into a URL extender to see where you are really going and then choose to click or not. Additionally, never enter your login credentials in a website that you linked to from a social media post, message, or email. Malicious websites that look like the real thing are often used to steal login credentials to compromise accounts.
Fake coupons are another tactic scammers commonly use on social media platforms. The scammers create a fake coupon requiring you to click a link to download it and put the coupon on a malicious website that can infect your devise with malware. Treat these with the same skepticism as other suspicious emails and messages.
Click-baiting is another way a scammer can get your information or install malware on your computer. Click-baiting is when there is a “teaser” to get you to click on the link. For instances, it might suggest a really interesting story (“you won’t believe what happened next…”), challenge you (“I bet you can’t…”), or promise a “giveaway” or “sweepstakes.” With the sweepstakes and giveaways, the scammer creates a fake website giving away a product. They then post the link on social media, directing users to the website to take part in the giveaway. Once there, you may be prompted to enter information, thus exposing your personal data. The website may alternatively attempt to download malware onto your devise.
One way to identify and avoid this type of scam is to look for spelling errors. Another way is to check and see if the website is affiliated with the company purportedly offering the giveaway. Additionally, ask yourself, is the prize too good to be true? Scammers frequently make the prize seemingly larger-than-life in order to attract as many people as possible.
Lastly, when using social media, avoid accepting friend requests from people you do not know. If accepted, the scammers can use this to gain access to your personal information with the goal of stealing your identity. If you receive a direct message from someone that you do not trust, delete it. Finally, consider following the guidelines below on what information you should NOT share on social media:
- Your date of birth. This is a piece of personally identifiable information that criminals can use in committing identity theft.
- Your address and phone number. These are privileged pieces of information that you do not need to share on your profile in order to enjoy social media.
- Answers to common “security questions.” If you proudly post pictures of your first new car, your high school sports memorabilia, etc., you are posting answers to the security questions that are commonly used to validate who you are when accessing sensitive accounts or resetting passwords.
- Location-based check-in. These “check-ins” let everyone see that you are not at home and can make you a target!
Information reprinted with permission from the Center for Internet Security