Before you take the fun-looking quiz that popped up in your social media feed, think twice. The person holding the answers may be a hacker.
Where people go, hackers are sure to follow. So it’s no surprise hackers have set up shop on social media. This has been the case for years, yet now social media-based crime is on the rise. In 2019, total reported losses to this type of fraud reached $134 million. But reported losses hit $117 million in just the first six months of 2020, according to the U.S. Federal Trade Commission (FTC).
Among these losses are cases of identity theft, where criminals use social media to gather personal information and build profiles of potential victims they can target. Just as we discussed in our recent blog, “Can thieves steal identities with only a name and address?” these bits of information are important pieces in the larger jigsaw puzzle that is your overall identity.
Let’s uncover these scams these crooks use so that you can steer clear and stay safe.
A quick look at some common social media scams
Quizzes and surveys
“What’s your spooky Halloween name?” or “What’s your professional wrestler name?” You’ve probably seen a few of those and similar quizzes in your feed where you use the street you grew up on, your birthdate, your favorite song, and maybe the name of a beloved first pet to cook up a silly name or some other result. Of course, these are pieces of personal information, sometimes the answer to commonly used security questions by banks and other financial institutions. (Like, what was the model of your first car?) With this info in hand, a hacker could attempt to gain access to your accounts.
Similarly, scammers will also post surveys with the offer of a gift card to a popular retailer. All you have to do is fork over your personal info. Of course, there’s no gift card coming. Meanwhile, that scammer now has some choice pieces of personal info that they can potentially use against you.
How to avoid them: Simply put, don’t take those quizzes and surveys online.
Bogus benefits and get-rich-quick schemes
The list here is long. These include posts and direct messages about phony relief funds, grants, and giveaways—along with bogus business opportunities that run the gamut from thinly-veiled pyramid schemes and gifting circles to mystery shopper jobs. What they all have in common is that they’re run by scammers who want your information, money or both. If this sounds familiar, like those old emails about transferring funds for a prince in some faraway nation, it is. Many of these scams simply made the jump from email to social media platforms.
How to avoid them: Research any offer, business opportunity, or organization that reaches out to you. A good trick is to do a search of the organization’s name plus the term “scam” or “review” or “complaint” to see if anything sketchy comes up.
Government imposter scams
If there’s one government official that scammers like use to put a scare in you, it’s the tax collector. These scammers will use social media messaging (and other mediums like emails, texts, and phone calls) to pose as an official that’s either demanding back taxes or offering a refund or credit—all of which are bogus and all of which involve you handing over your personal info, money, or both.
How to avoid them: Delete the message. In the U.S., the IRS and other government agencies will never reach out to you in this way or ask you for your personal information. Likewise, they won’t demand payment via wire transfer, gift cards, or cryptocurrency like bitcoin. Only scammers will.
Friends and family imposter scams
These are far more targeted than the scams listed above, because they’re targeted and often rely upon specific information about you and your family. Thanks to social media, scammers can gain access to that info and use it against you. One example is the “grandkid scam” where a hacker impersonates a grandchild and asks a grandparent for money. Similarly, there are family emergency scams where a bad actor sends a message that a family member was in an accident or arrested and needs money quickly. In all, they rely on a phony story that often involves someone close to you who’s in need or in trouble.
How to avoid them: Take a deep breath and confirm the situation. Reach out to the person in question or another friend or family member to see if there really is a concern. Don’t jump to pay right away.
The romance con
This is one of the most targeted attacks of all—the con artist who strikes up an online relationship to bilk a victim out of money. Found everywhere from social media sites to dating apps to online forums, this scam involves creating a phony profile and a phony story to go with it. From there, the scammer will communicate several times a day, perhaps talking about their exotic job in some exotic location. They’ll build trust along the way and eventually ask the victim to wire money or purchase gift cards.
How to avoid them: Bottom line, if someone you’ve never met in person asks you for money online, it’s a good bet that it’s a scam. Don’t do it.
Protecting yourself from identity theft and scams on social media
Now with an idea of the bad actors are up to out there, here’s a quick rundown of things you can do to protect yourself further from the social media scams they’re trying to pull.
- Use strict privacy settings. First up, set your social media profile to private so that only approved friends and family members can access it. This will circulate less of your personal information in public. However, consider anything you do or post on social media as public information. (Plenty of people can still see it, copy it, and pass it along.) Likewise, pare back the information you provide in your profile, like your birthday, the high school you attended, and so on. The less you put out there, the less a scammer can use against you.
- Be a skeptic. You could argue that this applies to staying safe online in general. So many scams rely on our innate willingness to share stories, help others, or simply talk about what’s going on in our lives. This willingness could lower your guard when a scammer comes calling. Instead, try to look at the messages you receive beyond face value. Does something seem unusual about the language or request? What could be the motivation behind it? Pausing and considering questions like these could spare some headaches.
- Know your friends. How well do you know everyone in your list of friends and followers? Even with your privacy settings set to the max, these people will see what you’re posting online. Being selective about who you invite into that private circle of yours can limit the amount of personal information people have immediate access to via your posts, tweets, and updates. However, if you like having a larger list of friends and followers, be aware that any personal info you share is effectively being broadcast on a small scale—potentially to people you don’t really know well at all.
- Follow up. Get a message from a “friend” that seems a little spammy or just plain weird? Or maybe you get something that sounds like an imposter scam, like the ones we outlined above? Follow up with them using another means of communication other than the social media account that sent the message. See what’s really going on.
- Look out for each other. Much like following up, looking out for each other means letting friends know about that strange message you received or a friend request from a potentially duplicate account. By speaking up, you may be giving them the first sign that their account (and thus a portion of their identity) has been compromised. Likewise, it also means talking about that online flame with each other, how it’s going, and, importantly, if that “special someone” has stooped to asking for money.
Stay steps ahead of the scams on social media
Above and beyond what we’ve covered so far, some online protection basics can keep you safer still. Comprehensive online protection software will help you create strong, unique passwords for all your accounts, help you keep from clicking links to malicious sites, and prevent you from downloading malware. Moreover, it can provide you with identity protection services like ours, which keep your personal info private with around-the-clock monitoring of your email addresses and bank accounts with up to $1M of ID theft insurance.
Together, with some good protection and a sharp eye, you can avoid those identity theft scams floating around on social media—and get back to enjoying time spent online with your true family and friends.
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.