Cybercriminals Use Social Media For Fraud

With billions of trusting users and lax security, social media has become a hotbed for cybercrime activity.

Cybercriminals use social media for fraud isn't breaking news anymore. Scammers, fraudsters, phisherfolk, would-be-Nigerian princes, and fake ex-military veterans looking for love have been plying their trade on every social media platform for years. Terms such as social engineering, vishing, smishing, spear phishing, and whaling have been floated around as potential threat vectors. Cybercriminals even use the native encryption capabilities of messaging apps like Telegram, Instagram, and WhatsApp to communicate with each other.

The numbers are quite alarming:

• Social media attacks increased by 43% in 2019 as cybercriminals continue to find new ways to exploit platforms and users.
• People who use Snapchat, Facebook, and Instagram are 30% more likely to be victims of fraud.
• There were 3.5 billion social media users in 2019, almost half the world's population (45%).
• Facebook leads all platforms with 2.32 billion active users daily.
• More than half of all social media logins (54%) are fraudulent, and 25% of new account signups are fake.

However, the most alarming statistic isn't the number of people who use social media platforms. It's already a given that people are going to flock to services that can connect them with other people for free, whether it's for dating, family, school, friendship, work, or a variety of different reasons. The most alarming stat is that social media incidents took up 56% or more than half of the 4.5 billion records compromised in data breaches in 2018 alone.

Social Media Use Is Free, But There's A Price To Pay

Anyone can create a social media account on any platform - it's free, but not really "free." Users give up a substantial amount of information about themselves in exchange for using the service. Social media platforms need your personal information and use it to locate your network and tailor how you experience what they're offering. Adding to the wealth of collected data is the fact that users upload photos, videos, and other details about themselves for the sole purpose of sharing them with other people.

All this information adds to a user's online profile, which can also include login details for other websites, a feature that lets you use your email or Facebook credentials to sign up for a new account. So much personal user data is stored in social media accounts, which is why cybercriminals love to target them. It only takes one data breach to steal all this sensitive information, which could then be used to perpetrate all sorts of scams and fraud, either targeting the user or using the details to hit other people.

Since social media platforms are designed for people to share everything, criminals can use all the bits and pieces of information for social engineering, phishing attacks, identity theft, and other forms of fraud. There's also the issue of rogue apps on mobile phones that impersonate legitimate brands and trick users into divulging their details or granting access to their devices.

How to Protect Yourself From Social Media Fraud

All social media platforms are at risk of a cyberattack. Users that don't secure their accounts for a possible data breach or takeover are the most vulnerable. Use these tips to safeguard your social media accounts.

Monitor Your Identity

Monitor your personal information to watch out for data breaches that may involve your online accounts. These services will alert you when a data breach or other cyberattack occurs, and if your email and personal details have been compromised.

Learn How To Spot Phishing Attempts

To stop attempts to steal your details or credit card information, you need to know what a phishing attack looks like. Phishing is a type of fraud that uses email, SMS, or social media to try and trick users into giving up their login credentials, personal information, or financial details.

Watch out for telltale signs of a phishing attempt:

• The message has grammar and spelling errors.
• The email or message is generic and doesn't address you by name. Banks, online stores, and other services like Google or Facebook will always use your first or full name when they contact you.
• The title usually starts with "re: Attention" or something similar. Any email that uses "urgent" or "attention" without addressing you by name and urges you to act immediately is most likely a scam.
• The email or message is unsolicited or unexpected, like a service you never signed up for or a bank you don't have an account with.
• The sender is asking you to send your personal or financial details via email to update your account, or else it will be frozen is a scam.
• The sender is asking you to update your details via email, by filling out a form, by downloading a file or app, or by clicking on a link is a phishing attempt. Banks and other financial institutions will never ask for your information via email.
• The brand logos and fonts used are weird, or the domain name is similar but not quite the real thing.

Practice Good Online Hygiene

The best defense against social media fraud is knowledge and a dash of common sense. Always ask yourself questions, such as "do I know this person?" or "am I expecting correspondence from this brand?"

Rules to go by:

• Never open unsolicited emails or messages.
• If you accidentally open one or are curious and want to know more, do not click on any links within the message or download any files.
• Never send personal details via messenger, SMS, or email.
• Use different usernames and strong passwords for all your accounts. If you have duplicate login credentials, change them now.
• Enable multi-factor authentication if the platform or service offers it.
• Protect your devices with security software (firewall, antivirus) and always use a VPN, especially when using public WiFi.

Conclusion

Cybercriminals love social media, but not because they can connect with their friends or long lost family members. The platforms attract billions of users who inherently trust the service because other people they know and trust are using it. This false sense of security is what the cybercriminals are banking on - users who think nothing can harm them online make easy targets. Don't be a victim. Always question the messages, friend requests, and emails that come your way. Don't blindly click on a link or download anything just because a person from your contacts sent it. That could very well be a phishing attempt designed to trick you. Always remain vigilant and never fully trust the online world.

About the Author:

Daniel William is a Cyber Security Expert. His great passion is to maintain the safety of the organization’s online systems and networks. He knows that both individuals and businesses face the constant challenge of cyber threats. Identifying and preventing these attacks is a priority for Daniel.
You can reach Daniel at Linkedin.