With more than 60 million active social media users as of last year logging an average daily use of 4.17 hours, Filipinos spend more time on social media compared to anyone else in the world, according to We Are Social’s Digital in 2017 Southeast Asia report.
This fondness of Filipinos towards social media has resulted to cybercriminals exploiting social media platforms to prey on unsuspecting netizens. However, users of these sites remain careless, making them highly vulnerable.
This was proven by a study conducted by Kaspersky Lab last year which revealed majority of Filipino internet users are averagely at risk to attacks online. The research also showed only 1 out of 10 netizens (11%) can identify a safe Facebook web page. Facebook is the top used social media site in the country.
“While social networking sites appear like a safe online playground for millions of Filipinos, we would like to remind them that cybercriminals are lurking on the other side of the screen waiting for their next victim. The prevalence of scams in social media should serve as warning alarms for Filipinos to take their online security seriously,” says Sylvia Ng, GM at Kaspersky Lab Southeast Asia.
As security is a two-pronged process, it requires effective security solution and users’ cyber savviness, here are the known social media scams plus tips from Kaspersky Lab on how to avoid them:
1. Scam: Mutual connection
In this scam, a stranger contacts you through social channels and claims a common interest or a mutual connection, for example, from an introduction at a wedding or large gathering. If you post a lot of pictures and haven’t updated your privacy settings, it’s easy for cybercriminals to make some educated guesses about how to best approach you.
Tip: If you receive such a claim, dismiss the conversation. Don’t provide further personal details and don’t add that person as a friend. Also, update your privacy settings to share your photos and posts only with people you really know.
2. Scam: Message from a friend
This scam appears as a private message from your friend. Attackers might have already accessed your friend’s credentials and forwarded them to a third party which can then use it to send spams to you and others.
Sending spam from real accounts works better for cyber criminals than setting up false accounts because people are more likely to trust a message from one of their social media friends. They are more likely to click on suspicious links or to open questionable messages than they would if the message looked like it was coming directly from, say, a bank.
Tip: If you start to get suspicious of social media messages from your friends, notify them immediately (but not by responding to any of those suspicious messages) that their accounts have likely been hacked. If you are redirected to a new page when you open the message, check the URL of this page. If it isn’t in line with where you expected to be sent to, leave immediately.
3. Scam: Bogus password reset requests
A user might, for instance, get an email that has all of the themes and imagery of a typical message from a social media account, except this email will tell the user they need to reset their password and will offer that user a login prompt to do so. The user clicks on the prompt, is directed to a fake webpage that looks like the social media site, and then the user enters their login and password. Just like that, the phishing attack has succeeded.
Tip: Compare the address of the sender to the address that usually appears when you get an email from this person or organization — it’s probably a fake. Look for telltale signs of forgery in emails that request personal information – spelling errors are immediate red flags.
If the prompt to a webpage to enter your data has an URL that is different than the site you expected to be going to, that is a sure sign of a phishing attack.
4. Scam: 18+ Video and Malicious extension
The scammer starts by hijacking several social media accounts. On their behalf, the criminal shares a post with a link to something that is supposed to be a YouTube video suitable for adults only. The bad guys also tag about a dozen friends of each of those accounts. The video would not play, and the page would suggest that you install a browser extension in order to play it. When installed, that extension steals your data because it has access to all the data the user inputs in the browser, including your logins, passwords, and credit card information — as soon as they type it in on some site.
The other thing it does is posting the same link to the same video on the victim’s social media page such as Facebook and thus continuing to spread the malware.
Tip: If your friend wanted you to click on a link, he would surely give you a better description as to why you should click. Either do not click on the link, or click and be extremely cautious about what you do next. Do not install or get rid off extension with no description, no screenshots and no rating.
5. Scam: Trending topics
Twitter created the concept of “trending” topics, and hashtags are the medium for labeling content to increase its popularity. However, there are users who hijack trending topics to lead to content that masquerades as relevant to the topic, but instead includes a link that leads to offensive or harmful web pages.
Beware, because whether it’s the latest celebrity buzz or a major tragedy in the news, trolls are particularly effective at doing this because their posts during sensitive times inflame readers —tweets mocking victims of school shootings, for instance — and by outraging people can entice them to click through to bad content.
Tip: Don’t feed the trolls and just ignore or report them. Whether they are bullies or spammers, sooner or later you’re going to end up with unwanted and potentially malicious followers. Periodically scroll through your list of followers and block to prevent them from seeing your updates.
6. Scam: Calls for help
Scammers often trick victims with shocking stories about dying babies, drowning puppies, or struggling veterans. Such posts travel around social networks disguised as calls for help and generate a lot of reposts, but a large proportion of them are scams. In fact, they are used for financial theft, phishing, and spreading malware. Real calls for help are usually created by your family, friends, and friends of your friends.
Tip: Be vigilant and do a check on each post before clicking its “Like” or “Share” buttons. Don’t want to check each and every post of this kind? Then don’t click on it at all — don’t risk turning yourself and your friends into scam victims.
Most importantly, ensure that your web browser, antivirus, and all software programs on your computer are always updated to the latest versions that have the latest security patches.