Phishing Scams Continue to Plague Social Media Sites

by Adam Baker on 13 October 2009
Photo: Respres

Social Media is going through an unprecedented explosion in popularity right now. Don't believe me? See for yourself. There are no signs this trend is going to slow anytime soon.

But this huge surge in popularity also makes the various social media networks a prime target for scams. While these social networks do a great job of proactively fighting the onslaught of spammers and scammers, occasionally a well-timed attack can slip through the cracks.

Just in the last couple of weeks, Twitter and Facebook have both had several accounts compromised by viral phishing scams. In general terms, a phishing scam is any attempt to capture or steal personal information from an unknowing victim. In the social media world, this often means trying to capture the username and password of a given social network account.

Most of us are familiar with getting spam messages or half-hearted scamming attempts in our e-mail or on our social media accounts. However, what makes these scams particularly effective is that they are often sent by someone you already know. Once they obtain the login information of just a few initial accounts, scammers will then send out more messages to everyone connected to the compromised accounts. This means even just a couple of accounts can quickly snowball into thousands.

Of course, the messages are specifically designed to pull at your curiosity. Here are the sample messages from the most recent attacks:

Twitter:

rofl this you on here? http://videos.twitter.secure-logins01.com

Facebook:

lmao! i cant stop laughing at you in this pic, when did you do this? http://tllg.net/xyzxyz

As you can see, there are a lot of similarities between these two different scams. First, they both reference the fact that something funny has happened in either a picture or a video. This is a very strong and effective pull that makes the vast majority of people want to know more. Also, both of the messages contain all lower-case lettering, which is common in informal chatter between online friends.

And the scam has other things working in its favor. In the Twitter example given above, the link took you to an extremely well replicated version of the log-in page. Because Twitter has an open API (meaning it easily allows third parties to develop applications), there are many legitimate and trusted sites which do have you log in when using them. So many Twitter users don't second-guess having to enter their log-in credentials.
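The traits described above can be checked mechanically. The sketch below is an added example, not code from the original article; the official-domain table and the lure word list are assumptions. It runs over the two sample messages quoted earlier plus one constructed benign message.

```python
import re
from urllib.parse import urlsplit

# Assumption: each network's own domain; extend for other services.
OFFICIAL = {"twitter": "twitter.com", "facebook": "facebook.com"}
# Assumption: lure words drawn from the article's picture/video bait description.
LURE = re.compile(r"\b(pic|picture|photo|video|this you)\b", re.I)
URL = re.compile(r"https?://\S+", re.I)


def host_of(url):
    """Lower-cased hostname without port, userinfo or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".")


def belongs_to(host, domain):
    """True only if host is the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)


def check_message(text, network):
    """Return a list of warning strings for one direct message."""
    official = OFFICIAL[network]
    brand = official.split(".")[0]
    warnings = []
    for url in URL.findall(text):
        host = host_of(url)
        if belongs_to(host, official):
            continue  # link really points at the network itself
        if brand in host:
            # Brand name used as a subdomain label or substring of another domain.
            warnings.append(f"lookalike host: {host} is not under {official}")
        else:
            warnings.append(f"off-site link: {host}")
    if warnings:  # style traits only matter when a suspicious link is present
        body = URL.sub("", text)
        letters = [c for c in body if c.isalpha()]
        if letters and all(c.islower() for c in letters):
            warnings.append("all lower-case text")
        if LURE.search(body):
            warnings.append("picture/video bait")
    return warnings


# The two sample messages quoted in the article, plus one constructed benign message.
SAMPLES = [
    ("twitter", "rofl this you on here? http://videos.twitter.secure-logins01.com"),
    ("facebook", "lmao! i cant stop laughing at you in this pic, when did you do this? http://tllg.net/xyzxyz"),
    ("twitter", "Here is the Photo album: https://twitter.com/example/status/1"),
]

if __name__ == "__main__":
    for network, msg in SAMPLES:
        print(network, check_message(msg, network))
```

The comparison is made on the end of the hostname, so a brand name that appears only as a leading label is still reported as a lookalike.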


So what can YOU do to help avoid all this madness?

  • Do not use the same password for your e-mail and your social media accounts. Take the time to create a separate, strong password for each of your online accounts. It's well worth it.
  • Be extremely wary of direct messages asking you to view pictures and/or video. As we pointed out above, this is a common theme used by scams.
  • Even if it appears to be a legit request, be sure to establish contact with the "friend" who sent it. Ensure that their account hasn't been compromised.
  • When in doubt, don't risk it. If you notice some of the formatting similarities we outline above or the message seems uncharacteristic in any way, there's probably a reason.

If you think one of your social media profiles has already been compromised, take the following steps immediately:

  1. Change your account password, including any other online accounts that share the same password.
  2. If you can't access your account, attempt to reset your password to the account.
  3. If able, delete any spam messages that were sent out by the scammers.
  4. Try to let your friends know that your account was compromised to prevent anyone from following the links further.
  5. Report the incident to the social network itself, so they can track and eliminate the spread of the scam.


Lastly, if you aren't a scammer or spammer yourself, consider following @WiseBread and @ManVsDebt on Twitter!  You can find even more to follow on WiseBread's list of Top Personal Finance Blogs.


comments

BRZL

great points !

I think an obvious piece you should keep in mind on these social sites is to keep your personal information general. ie - don't include your house number, the city you live in is close enough. Be careful about sharing your phone number as well and above all - NEVER give out your social security number under ANY circumstance.

PS - lmao at this picture i posted of you on my blog, click on my name to see the whole thing

J/K ! !

that guy sitting next to you

Don't post anything you wouldn't want your worst enemy seeing. If something can be used against you, leave it out. Keep personal info general.

Steve C.

I love Phish! I don't know why everyone keeps getting so down on them. People need to relax and stop criticizing people's choice of music.

Free the weed!