Phishing Scams Continue to Plague Social Media Sites
Social media is going through an unprecedented explosion in popularity right now. Don't believe me? See for yourself. There are no signs this trend is going to slow anytime soon.
But this huge surge in popularity also makes the various social media networks a prime target for scams. While these social networks do a great job of proactively fighting the onslaught of spammers and scammers, occasionally a well-timed attack can slip through the cracks.
Just in the last couple of weeks, Twitter and Facebook have both had several accounts compromised by viral phishing scams. In general terms, a phishing scam is any attempt to capture or steal personal information from an unknowing victim. In the social media world, this usually means trying to capture the username and password of a given social network account.
Most of us are familiar with getting spam messages or half-hearted scamming attempts in our e-mail or on our social media accounts. What makes these scams particularly effective, however, is that they are often sent from the account of someone you already know. Once scammers obtain the login information of just a few initial accounts, they send out more messages to everyone connected to the compromised accounts. This means even a couple of compromised accounts can quickly snowball into thousands.
Of course, the messages are specifically designed to pull at your curiosity. Here are the sample messages from the most recent attacks:
rofl this you on here? http://videos.twitter.secure-logins01.com
lmao! i cant stop laughing at you in this pic, when did you do this? http://tllg.net/xyzxyz
As you can see, there are a lot of similarities between these two different scams. First, they both reference the fact that something funny has happened in either a picture or a video. This is a very strong and effective pull for the vast majority of people to want to know more. Also, both of the messages are written entirely in lower-case lettering, which is common in informal chatter between online friends.
And the scam has other things working in its favor. In the Twitter example given above, the link took you to an extremely well replicated version of the log-in page. Because Twitter has an open API (meaning it easily allows third parties to develop applications), there are many legitimate and trusted sites which do have you log in when using them. So many Twitter users don't second-guess having to enter their log-in credentials.
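The first sample link above carries "twitter" in its host name, yet the host ends in secure-logins01.com, and only the end of a host name says who owns it. The following is an added example, not part of the original article, that classifies links on that basis; the trusted-domain list and the function names are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the sites this reader really logs in to (not a list from the article).
TRUSTED_DOMAINS = ("twitter.com", "facebook.com")
BRANDS = tuple(d.split(".")[0] for d in TRUSTED_DOMAINS)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def classify_link(url):
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for one URL."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:  # e.g. malformed IPv6 literal
        return "invalid"
    if not host:
        return "invalid"
    # Only the end of the host name decides who owns it: the host must be
    # the trusted domain itself or a subdomain of it.
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    # A brand name anywhere else in the authority part (a left-hand label,
    # or a fake "user@" prefix) is decoration chosen by the sender.
    if any(b in parts.netloc.lower() for b in BRANDS):
        return "lookalike"
    return "unknown"


def scan_message(text):
    """Classify every link found in a direct message."""
    results = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,!?)")
        results.append((url, classify_link(url)))
    return results


if __name__ == "__main__":
    # The two sample messages quoted in the article.
    samples = [
        "rofl this you on here? http://videos.twitter.secure-logins01.com",
        "lmao! i cant stop laughing at you in this pic, when did you do this? "
        "http://tllg.net/xyzxyz",
    ]
    for message in samples:
        for url, verdict in scan_message(message):
            print(f"{verdict:9} {url}")
```

A verdict of "unknown" means the link alone does not show where it leads, as with the second sample, so the advice below about confirming with the sender still applies.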
So what can YOU do to help avoid all this madness?
- Do not use the same password for your e-mail and your social media accounts. Take the time to create a separate, strong password for each of your online accounts. It's well worth it.
- Be extremely wary of direct messages asking you to view pictures and/or video. As we pointed out above, this is a common theme used by scams.
- Even if it appears to be a legit request, be sure to establish contact with the "friend" who sent it. Ensure that their account hasn't been compromised.
- When in doubt, don't risk it. If you notice some of the formatting similarities we outlined above or the message seems uncharacteristic in any way, there's probably a reason.
If you think one of your social media profiles has already been compromised, take the following steps immediately:
- Change your account password, along with the password of any other online account that shares it.
- If you can't access your account, attempt to reset the account's password.
- If able, delete any spam messages that were sent out by the scammers.
- Try to let your friends know that your account was compromised to prevent anyone from following the links further.
- Report the incident to the social network itself, so they can track and eliminate the spread of the scam.