Clever Clicks - Social Network Scams

In brief

Scammers are always more numerous where there are potential victims. This applies just as much on the Internet as in the real world. With more than a billion Facebook users alone, it’s no wonder that cyber-hackers quickly established a lucrative industry within social networks.

Their approach is partly the same as with emails. The advantage for attackers is that they can more easily reach an audience with a (fake) profile than with a standard email address. In addition, criminals can target their victims with tailored attacks.

For companies, social networks mainly involve 2 types of risks:

1. Risks related to the use of social networks by employees on their workstations.
2. The risks of loss of reputation in the event of a targeted attack.

Here are the different types of traps and scams that must be avoided at all costs.

Cloned profile

Fraudsters can create a copy of your Facebook profile. They may also copy the photos that you have made public. They can quickly build a profile that will look incredibly similar to yours. The 2nd step of the scam: send a “friend request” to everybody on your list.

The success rate will be high if your friends believe it is coming from your legitimate profile. The final, decisive step: sending private messages to these new “friends”, to ask them for help out of a bad situation by sending money or calling back urgently on a premium rate number. Even more deceptive: the attacker encourages your friends to click on an infected link.

It’s as if the scammer borrowed your identity to pick the pockets of your friends …

Be strict when configuring your privacy settings. The less of yourself that you reveal to others (including your friends), the less likely it will be for your images to be stolen for dishonest use. Take care when you receive an “Add Friend Request” from someone who is already your Facebook friend. Has your profile been cloned?

Pirated profile

Have you received a message from a friend in difficulty, asking you in desperation for financial help? Is a friend trying hard to convince you to try an amazing new diet and sending you a long link to this novelty? Is your best friend sending you an instant message with an attached video file? Every comment is “LOL”. Should we watch it?

It looks like a scam! If a scammer hacks a Facebook profile, he doesn’t just have access to profile’s data but he can especially seek to abuse the trust of the victim and the victim’s Facebook friends or send malware to them.

If you receive an unusual message from a friend, be careful and ask your friend if they actually sent this message. You should always be wary if a Luxembourg friend sends you a message in English with an attachment. Danger! Never click on files or links. If a friend seems to have financial problems, it’s best to contact them by phone.

Fake Facebook emails

You receive an email from Facebook asking you to log in to your Facebook account by clicking on a link in the email, for example to see photos you’ve been tagged on, or to read a friend’s post.

In reality, it is a phishing page. Scammers try to steal your personal data with copies of emails and websites that are very similar to legitimate ones or to trick you into receiving malicious software.

If you are not even registered on Facebook, delete the email. Do not click on the links in these emails or open the attached files. It is better to open a new window to log in to your Facebook account manually to see for yourself if there is something new.

Fake quizzes, gift vouchers and free offers

Have you been offered a gift voucher worth 30 euros from your favourite clothing store? Without applying for it? When you click on the attractive advertisement displayed in your Facebook news you go to a website with several forms to be filled in …

Facebook is overrun with ads! Some are fake: they use well-known brand logos to look serious, but in actual fact their goal is to extract private data from the largest number of victims or trap them with expensive subscriptions. Winnings? Gift certificates? Free products? Far from it!

No one gives you anything for free on Facebook. Trust your common sense and do not be hoodwinked by illusory promises. At the latest, when you are asked to enter your personal data or download specific software, get out of there! Otherwise, you risk falling into phishing traps or signing an expensive product subscription in spite of yourself.

Links camouflaged in videos/statuses

“Look what this pregnant girl did. You will not believe your eyes …!” “Incredible … you have to see it to believe it!” The purpose of these titles, or others like them, is to arouse curiosity and get the user to click on the video posted in the Facebook news feed. But, strangely, no video is displayed and we are directed to a website.

These shock stories are actually links, camouflaged in videos, whose goal is to get the most clicks. The consequences for the user depend on the type of target website. In the best case, the target site is “only” some advertising page or other. It is also often a question of data collection: under the pretext that you must be an adult to view the video, you are asked to enter your personal data for an age check. In the worst case, it is a malicious website that prompts you to download a file infected with malware.

Be suspicious of very shocking titles or videos whose titles reveal nothing about the content. If you are redirected to another website, do not download anything and do not enter any private data.

You can find more information on fake news and scams on the Austrian Mimikama portal (www.mimikama.at).

Infected statuses

You receive a notification that a friend has tagged you in a video or status. You obviously want to know what this is about.

If you want to watch the video, you download malware to your computer. At the same time, the Trojan automatically accesses the victim’s profile in order to post the same infected link under his/her name and to tag new friends in the link. This ensures that the infection is spread as widely as possible.

Be suspicious of video publications. If your friend does not add any comments and you can only read combinations of letters or numbers, e.g. “WTFF …… f6h7qr” or something similar, it is almost certainly a Trojan horse moving around and making your friend its victim.

Regularly update your antivirus software and take a look at the pages of the Austrian Mimikama portal (www.mimikama.at) on current scams and hacks.

Fake fan pages

At first glance, fake fan pages are no different from official pages. They take advantage of an existing brand’s recognition and popularity (e.g. Apple or McDonalds) to achieve the most “likes” quickly. Then, they invite web users to click on links, supposedly to take part in quizzes, obtain gift vouchers or access other content.

Clicking on these links probably takes you to an external website, which is nothing to do with Facebook. There are no free offers or quizzes. In fact, the user will be asked to enter their personal data (which will then be resold) or, in the worst case, a Trojan horse will be installed on their computer.

Before joining a Facebook fan page, you should confirm that this is the official page. The best way to do this is to go to the official website of the brand and search for the Facebook page link. When offers are too good to be true, you need to sound the alarm. Large groups, such as Apple and others, don’t offer free smartphones – even if they can apparently no longer be sold because of faulty packaging …

Third-party applications

Third-party applications can be used to manage your company’s presence on social networks. Select them carefully and ensure that they use strong password protection. If this third party application is compromised, the hacker will have access to ALL your company’s social networks.