Here are eight ways to avoid scams on social media, and to help protect your personal information from being collected for questionable purposes:
1. Watch out for giveaways, contests, and surveys.
Various parties, including both criminals and others wishing to collect data, sometimes offer “free gift cards” or “amazing discount coupons” under the guise of bringing business to a particular venue, or offer some reward in exchange for completing a survey. These offers are often used to either gain access to your social media account information — if, for example, you need to authorize a Facebook app to access your account to win the prize — or to collect personal information, both of which will ultimately be used for purposes that you may not appreciate. One telltale sign of serious trouble is when a survey, contest, or giveaway is being advertised solely via social media posts, and does not appear on the website or social media account/page of the party associated with the reward, or on those of any other legitimate party. Please do not fall prey — and please do not harm others by re-sharing such posts .
2. Beware of, and make sure to not connect with, fake people.
Criminals often create accounts for nonexistent people in order to connect with real people and then exploit their contacts, or use the information in victims’ private posts to social engineer the victims’ co-workers or friends. For a full description on ways to detect fake LinkedIn accounts, please see the article “How to Protect Yourself From LinkedIn-Based Scams.” Many of the recommendations in that article apply to Facebook and other social media platforms as well. Of course, on Facebook it is also important not to accept friend requests from unknown parties.
3. Beware of connection requests from impersonation accounts.
Before accepting a friend request on Facebook, or a connection request on LinkedIn, from someone you ostensibly know, check that the account actually belongs to that person. Criminals sometimes set up fake accounts using publicly available photos of people. I have, more than once, been impersonated in such a fashion on multiple social media platforms. To help determine if an account is real, see how many friends or contacts the person requesting the connection has in common with you and consider if that number makes sense, see how far back the posts in the account go, etc.
4. Watch out for posts from impersonation accounts.
Crooks have been known to join conversations on Facebook or Twitter by impersonating a party in the conversation. For example, on a business’s Facebook page on which someone has posted a question, a criminal may answer it using an account impersonating the business or one of its key employees. The same is true with tweets to customer service departments or the like. If a business or individual is Verified, all responses from a nonverified account should obviously be treated with suspicion. Be especially wary of links possibly posted by impersonation accounts–sometimes criminals will respond to a customer service request and advise the user to visit a particular website or download some program. Don’t fall prey to such a scam. More generally, never take a risky action on the basis of a social media post or comment–if you have a problem involving something sensitive, contact the business through a venue that others cannot easily listen in to or join; send an email, or even better, make a phone call.
5. Guard against fake live stream and movie offers.
Scammers sometimes offer fake live streams of popular events or movies. The links from these posts often go to websites that distribute malware; or that request a credit card, stating it won’t be charged until after a free trial (of course, there won’t be one–the crooks just want to steal your credit card details); or that ask for personal information, which will then be used either for identity theft or social engineering. Live streams of events should always be accessed on the pages of the events, and movies should always be accessed from parties that legitimately are authorized to provide them.
6. Avoid clickbait.
Whether claiming to offer a scoop about some breaking celebrity news, previously unseen salacious photos of some celebrity, or some secret information that can help you make quick money through some stock investment, criminals have been known to post links that attract attention; the links, of course, often direct to malicious websites similar to those used in the giveaway, contest, and survey scams.
7. Avoid oversharing.
Most people overshare. Significantly. And, often, they do not understand the consequences of their sharing — we saw this recently as many folks expressed outrage regarding the Facebook-Cambridge Analytica situation. If in doubt, don’t post. Oversharing can give criminals the information they need to social engineer you into falling prey to one of the aforementioned six attacks, or assist criminals in tricking your co-workers or friends into falling victim to such scams. And, of course, any social network that is providing you with a valuable service at no charge, is likely making a great deal of money by analyzing and utilizing any and all data that you upload. (Full disclosure: SecureMySocial, of which I am the Founder, offers technology that warns people if they are sharing information that may harm them or their employers.)Any social network that is providing you with a valuable service at no charge, is likely making a great deal of money by analyzing and utilizing any and all data that you upload. #CyberSecurity #InfoSec #SocialMedia Click To Tweet
8. Secure your social media accounts and set strong privacy settings.
If something does go wrong, you want to make sure that scammers cannot easily gain control of your social media accounts and use them to attack your friends and colleagues. A major social media account breach would be embarrassing, to say the least. See my article “How to Be Better at Social Media Than Mark Zuckerberg” for more information on how to protect yourself in this fashion.