Blog

How to Avoid Social Media Fraud

May 18, 2018

Facebook CEO Mark Zuckerberg has been in the news for all the wrong reasons lately. And his timing couldn’t be worse.

As GDPR comes into full effect, the Facebook boss has been busy explaining how data firm Cambridge Analytica appropriated information on over 80 million potential voters in the U.S.

But as big as this number appears, it pales into insignificance when compared to the number of potential victims of social media cybercrime. Facebook has now admitted that the search function on the platform could have inadvertently made sensitive information from more than two billion users available to hackers.

But Facebook aren’t the only company that need to up their game. Social media fraud is significant. It’s happening today, and you need to do something to protect your accounts.

How are they getting information?

When it comes to hacking social media accounts, cybercriminals have several weapons in their arsenal. In the case of Facebook, thieves have, up until recently, been entering previously leaked email addresses and phone numbers into the site’s search bar.

This has allowed hackers to obtain more detailed information about potential targets making it easier to steal identities.

But in other cases, crooks use the “social” nature of social media sites themselves to harvest your information. Take the following case study for example.

Action: Mike gets a friend request from someone with mutual contacts on Facebook. He doesn’t think he knows them personally, but it would be rude not to accept, so he does.
Effect: That person now has access to the information he makes public to his Facebook friends.

Action: Mike posts a picture of the beach and tags himself, “Enjoying a cocktail by the sea!”
Effect: Mike’s new Facebook buddy knows he’s out of the house and uses the opportunity to hunt through his trash, he stumbles across a social security number. Mike checked in at “Home” a few weeks back, making it easy to track down his address.

Action: A few months later, Mike gets an email from his recently acquired Facebook friend. He wants to double check its legitimate, so Google’s the name and discovers he’s friends with the guy online. He opens the email and clicks the link.
Effect: Mike’s infects his computer with malware, his new friend sets about stealing his identity.

What’s the worst that can happen?

While the team at Cambridge Analytica were politically motivated, more unscrupulous hackers can do some serious damage with your data.

  • Befriending someone you don’t know gives them access to your private profile. They can steal available data and do as they please with it.
  • Hackers, posing as friends, can infect your computer with malware by encouraging you to click a dangerous link.
  • They might take over control of your accounts and use them to send spam to other users.
  • Hackers can use social media to gain your trust before targeting you in a phishing attack you’re probably going to fall for. Read our blog post about 4 ways to beat targeted phiching attacks to learn more.
  • You could be bated into providing financial information, say for fake job offers from a platform like LinkedIn.
  • Your accounts could be cloned and used for illicit activities.

    How can you avoid becoming a victim?

    Avoiding social media fraud is all about vigilance. The following tips will help you stay protected.

  • Before adding a contact to a social media account ask a GENUINE friend if they know them personally.
  • Don’t ever use the same password over multiple accounts. Learn more about securing your passwords.
  • NEVER log in to a social media account from a website you don’t completely trust. Only type your social media passwords into official sites.
  • Alter the year you were born to throw potential cybercrooks of the scent
  • Use fake information for password verification questions – “My favorite color is BANANA.”
  • Get rid of any social media apps you aren’t using.
  • Check HTTPS certificates are legitimate and belong to the sites they claim to.
  • Don’t advertise where you are or where you’re going online, wait until you return to post geo-tagged photos or status updates.
  • Related Posts

    June 17, 2018

    The U.S. National Institute of Standards and Technology (NIST) has just released version 1.1 of its Cybersecurity Framework. President Obama…

    April 13, 2018

    It started out as a reliable way to protect websites from the blight of automated bots. But the Completely Automated…

    February 8, 2018

    Phishing isn’t what it used to be. Malicious websites look legitimate and crooked emails appear to come from trusted senders.…

    February 5, 2018

    Imagine if someone went on a shopping spree with your credit card, but when you called the bank, they didn’t…