2016’s Top 8 Scams By Social Network
As a strategic partner, we not only strive to help our clients thwart insurance fraud, but we also keep up on trends in social media, technology, and scams to keep you informed and protected.
John Burcham of Fightingidentitycrimes.com compiled a list of the most prominent social media scams of 2016 in an effort to prepare for what is to come in 2017. Here are the top 8 scams broken down by individual social network:
Facebook Friend Impersonator
Facebook users will receive a message from one of their Facebook friends claiming that they won a large sum of money, that the victim is also included in the list of winners, and that a “shipping fee” is required to receive the money. In these cases, the social media account sending the message has been hacked or digitally kidnapped, and scammers are able to see your personal information on your page that otherwise may be private. In all, this scam can easily lead to identity theft, fraud and digital kidnapping.
Facebook Phishing Scam
Facebook users will receive a message in their inbox indicating that they have been mentioned in a comment. *REMEMBER – WHEN YOU ARE “MENTIONED” ON FACEBOOK, YOU WILL BE ALERTED IN NOTIFICATIONS, NOT YOUR INBOX!* The message will include a malicious link that downloads a Trojan horse onto the victim’s computer and also infects Google Chrome browser with a malicious extension. The victim will log into Facebook through the infected browser, and scammers will then have their login information. At this point, accounts can be hijacked which allows scammers to change profile settings, steal personal information, and continue spreading the software to others through the compromised account.
Illegitimate Direct Messages
Twitter users will receive direct messages with shortened links, stating that when clicked, it will lead to a funny/embarrassing photo of the victim. In reality, the link may lead to a phishing page that emulates Twitter’s login page. Once the victim logs in, scammers gain access to their profile, personal information, and spread the scam through the compromising account.
According to Burcham, the most common money-making scheme on Twitter is the “Twitter Cash Starter Kit.” A fake promotional profile will convince a victim to purchase a “starter kit” that guarantees fast cash, WITH THEIR DEBIT OR CREDIT CARD. An “initial fee” is required for this kit. However, victims have found charges for “membership” fees totaling $50 or more each month. Other than the obvious capturing of credit or debit card numbers and fraudulent charges, victims can be subject to overdraft fees, credit score damage and fraudulent credit opened under their name.
Fake Job Offers
Scammers send messages for high-paying job offers, acting as recruiters, to unsuspecting victims on LinkedIn. If it’s too good to be true, it usually is, especially when most of the scam jobs advertised involve working from home or remote positions. The scammers will go lengths to get your information, and in this case, even conducting “phone interviews” to prove the legitimacy of the company. Once a victim submits their job application, it’s game over. All of their personal information (social security number, date of birth, financial information) has been compromised, and they will be “laid off” or “fired” and will never receive a paycheck. Also, because these are not legitimate businesses, they are almost impossible to trace.
Scammers utilize individual and company LinkedIn profiles to gather information and launch spearphishing (phishing attacks against individuals) and whaling (phishing attacks against executives/companies) attacks. According to Burcham, “Corporate data is much more valuable on the black market than individual data. As a result, scammers target employees and company pages to gain access to sensitive business and financial information. If employees link their personal pages to company profiles to reuse login credentials, scammers may be able to gain access to multiple accounts at once.”
Fake Advertising Deals
Scammers will utilize the direct message feature to target victims with advertising deals that are, once again, too good to be true. Users are persuaded to pay through PayPal “Friend and Family” option for advertisements; advertisements that will never appear anywhere, because the accounts don’t even exist, or the account isn’t actually owned by the person who contacted you. After a victim pays, the deal will not be honored. Why the “Friends and Family” option? These transactions are not protected by PayPal and victims will not be able to file a claim regarding the fraudulent transaction.
Selling Account Scam
This scam is one of the reasons why we pay attention to our kids’ internet activity, as it targets younger users. The scam offers to increase a victim’s follower base for a large fee. Pages with between 1,000 to 1 million followers are advertised as “for sale,” in which the scammers claim that they will give you the “rights” and login credentials to the page after payment. Turns out, these accounts have sold and been renamed countless times to avoid detection by Instagram itself, which makes it extremely difficult to trace. Once the fee is paid, scammers typically remove the page completely, never send the login credentials to the buyer, etc.
REMEMBER: If it doesn’t look or feel right, leave it alone. If it seems too good to be true, it is. If you don’t know someone, don’t answer. And if you do know them and something still seems “phishy” (pun intended), contact this person directly outside of the social platform.