Scams on social networks are nothing new, but their styles are constantly changing.
As with all social engineering scams, the best defense is a skeptical user.
Most security organizations have long since lost the fight to keep employees from using social media on work computers; indeed, many people now have to be on Facebook, Instagram, Tumblr, G+ or Twitter as part of their professional duties. The goal now is to help contain any damage from social media attacks—keeping in mind that even an attack via someone’s personal account can affect their work lives.
To that end, we spoke to some security pros about scams and attack vectors that are springing up on social media. Here are their tips for avoiding social media scams.
Social media accounts aren’t a shortcut to getting rich. The world of con artistry has seen endless variations of the get-rich-quick scheme. One example is the “Twitter cash starter kit,” which promises users that they can hit it rich on the platform in unspecified ways. The key to the scam? “Victims will pay an initial fee for the kit itself by entering their debit or credit card information,” says Shaw. Once the scammer has access to that information, charges quickly mount: “Their cards are charged a hidden ‘membership’ fee of $50 each month after initial signup. They can also make further fraudulent charges.”
You can’t win a contest you never join. One scam is becoming increasingly popular on Snapchat. “A user gets a graphic that claims they are a winner. When they click on the graphic and fill out requested info, they’re asked to download an app in order to receive a prize. That app most likely contains a virus.”
Beware of wolves in brands’ clothing… One particularly devious scam involves imitating a business’s social “Someone looking to book an appointment at a spa reaches the fraudster instead of the legitimate business owner, who then takes the caller’s credit card info as a ‘down payment’ to book or hold the appointment and then runs off with the money.”
…especially if they’re offering help. One scam exploits an aspect of life we’ve come to expect and rely on—that sometimes brand accounts seek you out, not the other way around. Companies ranging from cable providers to airlines automatically search social media to find people complaining about their services and then use support accounts to reach out and try to resolve issues. But those complaint tweets are public and those search tools are available to anybody.
You reveal more about yourself than you think. A variation on this scam involves trying to assess a user’s public profile to determine potential commercial interests. “A hacker can scan a Twitter feed to find out that a user posts constantly about her new puppy,” explains “The hacker then creates a phishing scam that looks like a product announcement for a portable puppy crate and targets that Twitter account.”
Think twice even when you see someone you know. We warn about profile cloning—scammers creating a duplicate profile for a real person in the hopes of getting that person’s acquaintances to accept friend requests, giving them a trusted position in their social networks. Some attackers go one step further, compromising real accounts to spread malware and spam.
Expect social espionage. Once attackers have infiltrated a circle of friends or professional associates, they’re in a perfect position to monitor networks. “Hackers can use social media to infect someone within an organization, then sit on the network and monitor their internal communications. This can be carried out by impersonating a real individual, adding them as a friend on LinkedIn, or even joining an open forum or channel on a social platform like Slack.”
The endgame is often a phishing attack. “Hackers can go on LinkedIn or any other platform and create fake accounts posing as a current or former employee at your company. The hacker then attempts to contact multiple people at your business, collecting small amounts of data from each employee.
Each bit of info on your company—location, office hours, hierarchy, email nomenclature—could potentially add up to enough info for a successful attack specific scenario. If hackers know the exact timing of a deal that is underway and who’s in charge of authorizing the wire transfer (Many institutions make funds available on the same day. Many banks will offer customers who receive regular direct deposits higher levels of services or eligibility for certain kinds of accounts. Best of all, direct deposit is typically free! Wire transfers, on the other hand, are generally not free.), they’re able to initiate a spear-phishing attack at the most opportune time.”
“With the adversary constantly evolving, together with the massive volume of new content pouring across their platforms, social networks only have so much control over these types of problems.