Want to win First Class seats on British Airways? Fancy a free iPhone due to surplus stock? Get a share of the billions that Zuckerberg is giving away? Don’t be duped – the reality is that these are all fake. Never has the expression ‘if it seems too good to be true then it probably is’ been more apt…
Fraudsters are using increasingly sophisticated techniques to con users into sharing their valuable information. Ever wondered why or how your Facebook account has been hacked? Or why someone is sending out fake profile invites to your friends and family? Beyond the obvious ‘something for nothing’ examples outlined earlier, the chances are that you have done one of the following:
• Responded to a daft quiz – anything from what colour your ‘aura’ is, to estimating your age based upon pictures in your profile (which, by the way, is always way younger than you are… funny that)
• Clicked on a fake news story with some lurid headline about a famous celebrity (no, Beyonce is not having an affair with Lady Gaga)
• Participated in some form of online poll, usually linked to some spurious results (answering questions on your musical tastes will not determine whether you are more attractive)
Basically the ‘clickbait’ is designed specifically to lure you in by harnessing the power of the seven deadly sins (with a particular focus on greed, lust and hubris). And as soon as you have taken the ‘clickbait’, the scammers will politely ask whether they can have access to your profile. Once the invite is accepted, you have effectively opened the door to a whole host of viruses, worms, trojan horses, ransomware, spyware and many other nasty malware variants.
“Consumers readily click ‘accept’ on terms and conditions for Facebook apps and quizzes, often without a second thought”
Gavin Hammer, of social media management platform Sendible, goes on to say:
“The issue is they are legitimate websites who are paying to advertise, but are subsequently changing content. It’s the click-through with all the promise and no delivery.”
Cybersecurity analysts at BestVPN warn that the cyber villains often change content to catch out Facebook users:
“One increasingly popular guise cybercriminals take starts with the mundane. A potential threat source will post a funny meme, video, or cute pet picture, the type highly likely to go viral. Then, once the post has received a high number of engagements, the content flips to something more nefarious, or simply gets hidden behind a task the user must now complete to view content.”
Part of the problem is that people don’t think that they can or will get scammed. In a recent UK study, only 7 per cent of people said that they would allow third parties access to their profile in exchange for participation in a quiz or poll. However, this is in stark contrast to the reality, with millions signing up for these scams every single day. And the crooks know that it’s easy pickings. Mike Lee, a director at online security firm Proofpoint, claims that social media scams are much more effective for criminals than email versions:
“One of the things that makes social media attractive is its efficiency at delivering malicious content. A single comment on a popular Facebook page may be viewed by 10,000 followers. It’s much more difficult for a perpetrator to send out 10,000 scam emails that avoid spam filters”
Most social sites offer salient advice on how not to fall victim to phishing, but most users don’t bother to read it. Guy Bunker, senior vice president at threat protection firm Clearswift, acknowledges the problem and claims:
“There is still a fundamental lack of knowledge in the general population as to what scams look like and how to avoid them”
So, have you ever been a victim of the scammers? How did they catch you out? And what advice would you offer to other users to prevent the same fate happening to them?