Ever since people first started logging on to the Internet, there’s always been a scammer out there looking to take advantage of people. Every major platform has its dark underbelly – there are e-mail scammers, eBay scammers and Craigslist scammers. Most recently, these scammers have turned their eyes toward sites like Twitter, Instagram and Facebook. According to the most recent FBI Internet Crime Complaint Center report, 12 percent of all fraud reports are now tied to social media.
It can be hard to pick out each and every scam on the Internet. But according to the FBI, thieves are heavily leaning on three types of social networking scams. By learning about these common schemes, it’ll be a lot easier to keep yourself protected. Here’s how to stay safe.
Clickjacking
Did you hear the tragic news? It seems that Lady Gaga has been found dead in her hotel room. Justin Bieber was stabbed by a crazed fan outside an L.A. nightclub. And don’t even get me started about what Emma Watson did – I lost all respect for her when I saw this one video. Outrageous!
None of these “news” items are real, of course. All of them are recent examples of a common Facebook scam known as clickjacking. Unscrupulous advertising companies often create fake news story links using sensational headlines. If you click on these types of stories on Facebook, you’re often redirected to a link with malicious code that tricks Facebook into thinking you’ve “Liked” the story or link. Facebook then shows the link to your friends, and if they click, they'll automatically like and share the scammy headline too. It’s all a numbers game – the more clicks a scam site gets, the more it makes in advertising.
The best protection against clickjacking is to have a healthy dose of skepticism when it comes to sensational content on the Internet. If something sounds too weird to be true, it usually is – try to resist clicking just to find out. And beware of links that redirect to odd-looking URLs with unfamiliar suffixes.
Doxing
Arguably, doxing is one of the most vicious types of social media attack today. In a doxing attempt, private details about a person will be leaked online, including full names, addresses, phone numbers, details about private communications, pictures and more. Often times, the goal is to make the target feel vulnerable and naked. In more extreme situations, malicious actors have used this information to stalk, harass with unwanted calls and steal identities. Recently, a 17-year-old Canadian gamer pled guilty to calling in several police SWAT raids to the homes of female gamers.
The best protection against doxing is to limit the amount of information you share about yourself and your family members online. Try not to share your private phone number or home address with websites if you can help it, and avoid posts that reveal your physical location to strangers (e.g., checking in to Starbucks). You should also take advantage of Facebook’s privacy controls to limit your personal details and status updates to your friends and close family only.
Pharming
Pharming is, essentially, a phishing attack performed on a social network. Scammers will present a link to a familiar website that many unwitting people will wind up liking and sharing – say, a link to a news story on Time. If you click the link, however, you’ll be taken to a spoofed version the site where you’ll be prompted for your login information for Facebook or some other site. Cyber crooks then take your credentials and use them to hijack your accounts.
There are a few basic steps you can take to prevent falling victim to a pharmer. Consider typing the name of the site you’re visiting into the address bar rather than visiting through a Facebook link. And always surf with good anti-malware protection – most products available today can detect these types of attacks as they happen. Check out our PC security software rundown and our search for the best Mac security software for advice on which solution to choose.
You can view the full FBI Criminal Complaint Center report at the agency’s website (PDF).
[Internet fraud warning via Shutterstock]