5 Scams Sneaking Into Social Media

You’re probably used to promotional posts slipping into your Twitter feed and personalized ads plastering the side panels of Facebook. You try not to notice them, the way you try to avoid ogling billboards on the freeway, but every now and then you simply give in and click.

Proceed with caution. That unsolicited content you’ve come accustomed to seeing on social media may have a more sinister intention than simply catching your eye. On the other side of a quick pic or a clearance advert could be a sales team or social media manager. Or it could just as easily be a fraudster poised to attack.

Experts at Proofpoint, a SaaS cybersecurity company, estimate that the number of phishing attempts on social media networks like Facebook, Twitter, Instagram, and LinkedIn have gone up by 150% in the last year, leaving hundreds of thousands of users vulnerable to identity theft and fraud. Here are five of the latest scams to hit the social media scene:

Instagram money flipping scams

How does a mobile app dedicated to sharing photos and videos suffer from over 4,500 scams in less than three years? It’s easier than you’d think. Take your average unsuspecting user: she’s posting a new pic of her Siamese cat sleeping in a basket and casually scrolling through her newsfeed when she comes across an eye-catching photo of a big old wad of cash. Beside it is a caption touting how unbelievably easy it is to turn hundreds of dollars into thousands—instantly.

The user who posted the photo has followers, likes, and comments related to the money flipping scheme—all of the signs of being legit. There may even be thank-yous and follow-up testimonials. So our cat-loving friend gives it a try, wires the user the initial payment or shares the PIN of a pre-paid debit card, and before you know it she’s out $100 or more. Though money flipping schemes pop up on Facebook, Twitter, and other social media platforms, they’ve found a sweet spot on Instagram, where they cluster around the accounts of financial institutions and banks.

Facebook and like-farming

With 1.6 billion monthly users and growing, Facebook tops the chart as a hotbed for online scams. Cisco’s 2016 annual security report detected over 33 million scams on the platform. Facebook scams take the form of pop culture quizzes, free product contests, salacious fake news stories, photos of baby otters—anything to get you to click that thumbs up button. “Like-farming” is the term given to this process of cultivating likes and shares.

Once a dummy post garners sufficient attention, the scammer gives it a minor and malicious edit. It may be a link to malware, a link to a phishing site, or a pop-up requesting credit card information before a reader can finish viewing the story. Once you’ve liked a story it goes into your newsfeed and often shows up on your friends’ feeds as well, continuing the cycle. We should all make sure to be selective rather than reflexive when it comes to liking posts.

Facebook and the Ray-Ban scam

When is a charity sale not a charity sale? When there are more people apologizing for faulty Facebook invites than there are purchasing products. Sandwiched between legitimate invitations to play Candy Crush and attend Toby’s Tiny Tots party this summer, there have been copious invitations to join less than legit Ray-Ban charity events (16,500 cases and counting). Schemers behind the scam set up fake Ray-Ban Web stores and then promote them on Facebook, either by using fake accounts or by hacking into existing accounts and then spamming the user’s contacts with invitations to the brand-name event.

What might result in a mere annoyance for the invited (i.e., spammed) contacts and an embarrassment for the user whose account has been hacked, can end up being something much worse for the an unsuspecting contact who attempts to purchase a discounted pair of shades and then loses not only the price of the purchase, but also the security of their account (not to mention their trust in Ray-Ban).

Fake Netflix email scams

When Netflix launched internationally earlier this year, they opened the door to a bigger badder black market for scammers. New users in Australia received convincing fraudulent emails indicating that their accounts had been frozen and redirecting them to phony websites where they were prompted for usernames, passwords, and credit card information.

Other Netflix hacks promise a discount and prompt for login information, which they then sell on the black market for as little as a quarter. Because Netflix already allows for up to four accounts and many users share with roommates, family, and friends, victims are often unaware that an unwelcome guest is also using their account.

Customer service scams on Twitter

When is customer service less than helpful? When it’s being conducted via Twitter by a fraudster posing as a source of assistance. Using duplicate—or nearly duplicate—handles (often you’ll see the deviation of an extra letter or additional dash or underscore), hackers solicit users with Tweets that furnish links to external phishing sites. Hackers have also inserted themselves into conversations between users and actual Twitter accounts. This is particularly prevalent in the realm of online banking, where three fake NatWest accounts were caught in a single week.

Hackers may directly ask the user for personal information, such as login, password, account number or PIN, or they may lure users to phishing sites that automatically prompt for login and account information. It’s easy to be fooled, especially if the social media site is considered a “safe space” by a user who is caught off guard. Many fake accounts include avatars, chat history, and followers, so it’s best to check twice when passing private information. A blue tick next to the name on an account’s profile (and next to the account name in search results) indicates that the account has been verified by Twitter.