For scammers, social media offers a low-risk, high-reward opportunity.
As a result of social media sites such as Facebook, Instagram, and TikTok, scammers are able to find new victims more quickly and easily than ever before.
Norton Labs has issued a new report(opens in new tab) after analyzing data from a full year of social media attacks, identifying the top phishing lures used to take over user accounts and steal funds from unaware users.
This is why scammers use social media to reach their victims, says NortonLifeLock’s head of technology, Darren Shou, who explained in a press release that:
“Threat actors target billions of people around the world with social media phishing assaults because it is a low-effort and high-return method. It’s important to be aware of the warning signals of a scam, and to keep a watch on where requests for your personal information are coming from. Better yet, think about utilizing multi-layered security measures that are always on the lookout for any threats.”
When it comes to stealing your login information, scammers often create phony websites that bear an uncannily likeness to the actual social media login forms. If a user is fooled into believing a page is real, scammers can then use their credentials to transmit spam or conduct other assaults, according to Norton Labs.
Locked account and copyright violation notices
Nothing is more upsetting for frequent social media users than learning they have lost access to their accounts. Locked-account messages are frequently sent out by scammers in order to steal the user’s account credentials.
Users are tricked into handing over their personal information to scammers by being warned about a phony new login, outdated information that needs to be changed or the need to complete a security checklist to keep their account safe.
There are several ways to defraud someone into turning up their personal information, including copyright violations. When a person posts copyrighted material, they are sent a warning that they must check in to unlock their profile. Scammers now have complete control of their account despite the fact that they did not violate anyone’s copyright.
Verified badge scams and profile hacking services
One of the most sought after badges on social media is the verified badge, which displays a user’s credibility on a specific network. Users are frequently tricked into divulging their login credentials in exchange for the promise of receiving a verified badge. In addition to not being able to verify their accounts, victims may lose their social media accounts.
Profile hacking services, a more contemporary phishing assault version, are becoming increasingly popular among social network users looking for information they otherwise would not be able to get. Rather than stealing user credentials, these assaults lead victims to other services, such as adverts or surveys, which the scammers utilize to generate income.
Follower generator services and 2FA interception
Users who seek to gain more followers on social media are preyed upon by service providers that provide follower generators.
This type of service is frequently advertised or promoted by scammers, and it is generally free or at a cheap cost. These assaults can earn money for scammers by diverting victims to other attacker-controlled sites that show adverts, persuade users to give their login information, or infect their devices with malware.
Many people have started utilizing two-factor authentication (2FA) to protect their social media accounts because of the increasing amount of online scams. There are ways to intercept 2FA codes sent via applications or text messages, which scammers and other cybercriminals are taking advantage of.
How to spot a scam on social media
Knowing how to detect social media scams is half the battle when it comes to avoiding them, which is why the Federal Trade Commission has published a series of guidelines for consumers.
To begin with, scammers frequently pose as representatives of well-known organizations, such as the Internal Revenue Service (IRS) or corporate titans like Microsoft, Facebook, and Google, amongst many others. As a matter of fact, according to a new blog post from the cybersecurity firm Vade, Microsoft was the most commonly impersonated brand in phishing assaults during the first half of this year.
Scammers typically pretend there is a problem that needs to be solved or a prize that can be claimed in their phishing emails or messages. A false sense of urgency may lead consumers to reply, even if they suspect the message is a ruse.
Scammers may also instruct you to make a payment in a specific manner. Paying with gift cards or a certain cryptocurrency, for example, may be required by them.
Although these tactics may be helpful, you should always avoid responding to messages from unknown senders on any social networking platform, just like you would in your email.