We’ll share four examples of common social media scams — what they are, how they work, and what you can do (and look out for) to stay safe on social media
Congratulations! You’re the latest winner of the Florida Lottery…
Are you lonely? So am I. I’m a lonely and hot high school cheerleader, and I think we should get to know each other…
Hello. I’m a tourist that’s been traveling in Italy and I’ve been detained due to the Coronavirus. I need your help! Please send money ASAP…
What do all of these types of messages have in common? They’re all examples of social media scams. Cybercriminals use messages like these to trick victims into clicking on links, sending personal information, and sending money.
But what do social media scams really entail and how do you recognize them for what they are? We’ll explore these questions and will share several tips for how to stay safe on your favorite social platforms.
What Are Social Media Scams?
According to the FBI’s Internet Crime Complaint Center (IC3), a social media threat is a threat in which the use of social networking and social media platforms are used as a fraud vector. It specifies that social media, by their definition, doesn’t include dating sites, although some sites lump those into their definitions.
But what makes these types of scams so effective? Although, in many cases, cybercriminals are recycling old scams, they’re finding new ways to make them effective again by changing up tactics and approaches. Instead of relying on the old and obvious Nigerian Prince scam, they might instead pretend to be your bank or an attractive military member who’s looking for a little companionship.
What Makes These Scams So Darned Effective
According to Consumers International, social media gives criminals the ability to target you more effectively by providing:
“[…] access to vast amounts of personal data, which can then be used to target specific demographic groups and personalise scams to make them more convincing. For example, using a person’s real name, or making reference to their hometown, recent holiday, hobbies and friends.”
So, basically, they use the information you provide in your social media profiles to trick you into thinking they somehow know you or have a connection with you.
Cybercriminals are able to operate anonymously in a way that they couldn’t in a face-to-face conversation. And people are more likely to let their guard down online than in person. After all, if a random stranger walked up to you and started asking for your personal information, it would set off alarms in your head. But if someone who appears to be a friend or a trusted authority reaches out online, you’re more likely to cooperate.
So, what are five of the most common social media scams? Let’s explore a few examples:
Social Media Scam #1: Romance Fraud and Relationship Scams
They’re attractive, eager, and interested in you — and they’re ready to slide into your DMs.
Romance scams, or relationship fraud, are a type of fraud that involves cybercriminals pretending to be romantically interested in you. These predators pretend to be interested in their targets and woo them to get them to lower their guard. These types of scams often target people who are lonely — senior citizens, people who are widowed, etc.
However, romance fraud scams are a type of relationship scam — a category that also includes people pretending to be family members and friends who are in trouble.
Online dating apps and social media play a big role in how these cybercriminals choose and target victims.
How Relationship Social Media Scams Work
In these types of scams, which could take place over a few days or even months, con artists will create phony profiles using photos of real people. They’re use these profiles to strike up conversations and relationships with their targets to help build trust — which they can then take advantage of.
Ultimately, the goal is to get the victims to send them money, buy things, or to serve as product or money mules. In fact, up to 30% of romance scam victims were used as money mules in 2018, according to the Better Business Bureau (BBB).
Here’s an example of a of a romance or relationship fraud scam that’s been shared by ScamWatch Australia:
Image source: Australian Competition & Consumer Commission and ScamWatch Australia
As you can see from the breakdown of this dating platform message, there are specific types of tactics that these con artists use to try to hook their targets:
- They make it clear that they have interest in the target and want to connect with them.
- They write the messages so that they sound personable (even if they’re not particularly well written) by sharing a little bit of their story, though it’s likely fake.
- They contactor makes it clear that distance is not an obstacle.
Often times, scammers will pretend to be members of the military, missionaries, or medical providers who are overseas working with international organizations. Of course, there are countless other scenarios they could use as well…
Regardless of which scenario or tactic they use, these scams wind up being costly issues for their targets. The FBI Internet Crime Complaint Center (IC3)’s 2019 Internet Crime Report indicates that in 2019 alone, there were 19,473 reported victims of confidence fraud and romance scams with reported losses of $475,014,032 in reported losses. Just to provide a little perspective, that’s an average loss of $24,393.47 per person!
Social Media Scam #2: Free Money Scams
Everyone wants free money, but at what cost?
The truth is that no one gives away money for free — there’s always a catch. Cybercriminals prey on users with fake promises of money — free tuition, grants, lotto winnings, sweepstakes, and loans that don’t have to be repaid, etc. The goal is to get victims to provide information or to send money themselves with the promise of a larger payout in the end.
For example, a cybercriminal could say that you’ve won $25,000 dollars, but for them to transfer the funds to your account, you first need to send them $1,000 from your account to prove that your account is valid or to cover transfer-related fees. If you send them the money, as soon as the funds hit their account, it’s gone, and you’ll likely never hear from them again. Or, if you do, it’s only to get you to send additional money (with excuses for why they haven’t yet sent you money and why you need to send them more).
How Free Money Social Media Scams Work
Let’s take a look at one of these financial social media scams in action. Here is a series of three screenshots of a scam attempt that one of my colleagues experienced via Facebook Messenger:
As you can see, this scam starts out with the cybercriminal reaching out to their intended victim via social media. They’re friendly, helpful, and show that they “care” about my colleague by being concerned about his financial wellbeing. Then, they try to drive him to engage with them through other means (in this case, a phone call) before their social account gets reported or shut down by Facebook. (Note: The profile shows no photo because it was shut down; originally, it used the name and photo of one of my colleague’s actual friends.)
It’s a very simple tactic and, unfortunately, one that works well enough on some people that they continue doing it to try to scam many potential victims.
Social Media Scam #3: Phishing Scams
Ah, yes. No list of social media scams would be complete without talking about phishing. Phishing occurs when someone tries to use social engineering tactics and techniques to get a target to provide personal or financial information, or to get them to do something they shouldn’t. Although phishing typically occurs via email, there are other ways criminals go about carrying out their attacks (such as by using phone calls [vishing] or SMS text messages [smishing]).
So, this means that social media phishing is the same as regular phishing attacks — it’s just that they use social media platforms and messenger programs to do it. In some cases, the threat actor will try to get you to connect with them so they can learn more about you by having greater access to your profile information that may otherwise be private.
It’s important to note that even big organizations fall for these types of scams. Here’s a horrifying example of what happens when a cybercriminal successfully took over the Associated Press’s Twitter account via phishing:
How Social Media Phishing Scams Work
One example of a common type of phishing scam is the “Is This You?!” method. Imagine that you’re scrolling through your feed on Facebook when, suddenly, you receive a Facebook messenger message. It’s from someone whose thumbnail picture you don’t recognize, and they’re saying that they’ve found a cute/sexy/inappropriate photo of you. The message contains a link to an unknown website that’s concealed by a URL shortener. What should you do?
As tempting as it may be, don’t click on the link. It’s a common tactic for cybercriminals to try to get users to visit phishing or malicious websites.
Cybercriminals use social media phishing to spur you to share information or fill out forms that will provide them with information they can use to gain access to your:
- Personal and/or professional email account(s)
- Work account-related credentials
- Banking or financial institution(s)
- Other types of personal or business-related accounts
The way that they get people to provide this type of information is by playing on their emotions or by creating a sense of intrigue or curiosity that drives users to engage with them. They might reach out to you with a message that they think will be of interest to get you to engage – such as messaging you about a cause that you think is important.
Here’s an example of a user who tried to connect with me on LinkedIn before their profile was quickly removed by the platform:
Ultimately, they want you to click on malicious websites that have credential-stealing forms or auto-install malware. And by engaging with these social media scams, you lose.
Social Media Scam #4: Impersonation Scams and Identity Theft
Identity theft is a growing issue in general. As of 2016, the latest year of reporting for the National Crime Victimization Survey (NCVS), 10% of individuals age 16 or older indicated that they were the victims of identity theft within the 12 months prior.
According to the U.S. Bureau of Justice Statistics, the NCVS defines identity theft as an incident that includes three categories of incidents:
- “Unauthorized use or attempted use of an existing account
- Unauthorized use or attempted use of personal information to open a new account.
- Misuse of personal information for a fraudulent purpose.”
On social media, impersonations and duplicate accounts are a serious issue. In its annual report to the SEC, Facebook reported having 275 million duplicate accounts in 2019. Even considering that the company reports having roughly 2.5 billion monthly active users (MAUs), that’s still an exceedingly larger number — roughly 11% of their monthly active users!
How Social Media Impersonation Scams Work
Impersonation social media scams often involve a cybercriminal creating a duplicate account that appears to be coming from a friend or family member. The goal is to gain your trust and get you to add them to your friends list. Sometimes, they’ll even create fake social media accounts using real photos of other people they’ve found online to target random people.
So, how do you know what a valid account looks like for companies?
Here’s what an authenticated or validated Twitter account looks like (note the checkmark next to the name):
How to Identify Social Media Scams and Fake Profiles
Wondering what steps you can take to stay safe while using Facebook, Twitter, Instagram and all of your other favorite social media platforms? Ask yourself several critical questions to ascertain the legitimacy of a profile:
- How old is the account in question? Social media scammers frequently create new or duplicate accounts to try to target potential victims. Most social media platforms show when accounts were initially created, which helps you to more easily identify whether it’s a new or an established account.
- How many accounts is the account in question following? For example, Twitter has specific limits when it comes to the number of followers any given account can have or add within a specific period:
Image source: Twitter
If it’s a new account that’s following hundreds or even thousands of people right away, chances are that it’s not legitimate.
- If the person appears to be a friend or family member, is it a new or duplicate account? One of the most annoying things I continually see is fake and duplicate accounts being created of people I know. On Facebook, for example, I’ve received multiple friend requests from people who appear to be friends or family members and want me to add them to my list of connected friends. The issue? I’m already friends with them on FB. So, when my “cousin” has a newly created account that’s trying to connect with me, I know can look over the profile and easily determine whether it’s legitimate or fake.
- How frequently is the individual posting or tweeting, and are they posting anything of substance? This is a good indicator of whether a site is legitimate. A real person may post or share a few posts a day. But if they’re posting dozens — and if those posts often don’t make sense — then it should raise a red flag that either it’s a scammer or a bot.
- Are they asking you to do something right away? Here’s another major red flag.Okay, let’s say that you’ve engaged in a conversation with a suspect individual. If they’re asking you to do something for them right away, or they’re trying to drive you to engage with them via phone or email, you can pretty much assume that it’s the start of one of the social media scams we’ve been talking about.
8 Tips for How to Stay Safe & Avoid Social Media Scams
This brings us to our final point: What are some of the things you can do to avoid falling for social media scams?
1. Set Your Profiles and Accounts to Private
One of the best ways to avoid being targeted by social media scams is to keep as much of your information private as possible. Don’t give other apps permission to access your profile information or contacts list. Avoid oversharing on your page — just because there’s a field requesting info doesn’t mean you have to fill it out.
Essentially, don’t provide scammers with information about you that they could use as fodder to convince you that they know or are interested in you.
2. Reject Unsolicited Friend Requests
For starters, don’t accept any friend requests from people you don’t know. This is kind of like parents teaching their kids to not talk to strangers. If you receive a request from someone that you’ve never heard of, why would you want to connect with them (and, more importantly, what is motivating them to want to connect with you)?
While it’s likely true that you’re a pretty amazing person, don’t allow your ego to make you vulnerable. Question their motives. The security of your account — and the people you’re connected with on your account — could be affected by you making the wrong decision.
3. Be Suspicious of Friend Requests from Existing Contacts
Just like it’s important to be wary of friend requests from unknown people, you should also be equally as suspicious of friend requests from people you’re already connected with on the platform. If someone you know already has an active profile and, suddenly, you get a request from “them” to add you to another account, you can just about bet money that the new request is from a fake/scam profile.
4. Avoid Engaging with Games, Quizzes, and Survey Scams via Social Media
A lot of the time, online quizzes, polls, and games link to phishing and other malicious websites. It’s best to not engage with these types of posts and links as a general rule. Simply keep scrolling past those kinds of posts in your social feed without engaging in them or close out of the browser window.
5. Don’t Send Money or Information
No responsible or reputable person is going to ask you for money or gift cards — especially not your bank or the IRS. They also won’t ask you for your login credentials or other related account information. So, if you receive such a request (or a demand), beware! And, when in doubt, reach out to the company, organization, or government institution directly using official contact information.
6. Never Click on Unsolicited Links in Private Messages, Posts and Ads
Cybercriminals are always looking for ways to drive users to click on malicious links. This can include creating teaser text in posts that seem scandalous, shocking, or intriguing. If you receive such unexpected private messages from people that contains a link to a shady or unknown website (particularly ones that are shortened using URL shorteners such as Bit.ly), run the other way.
7. Don’t Respond to Online Ads for Earning Easy Money
Like we said before, there’s no such thing as free money. Well, the same can be said about earning a lot of money for doing very little. You can’t realistically expect to earn four or five figures per month doing nothing. These “easy money” scams promise you the world and offer nothing but headaches, frustration, and loss in return.
8. Do Your Research
As the adage goes: If it sounds too good to be true, it probably is. So, before making a purchase via social ads or providing a company with any of your personal or financial information, be sure to carefully research the company. Learn more about them and their website to ensure they are legitimate. One of the ways to do this is to see if it’s using an SSL/TLS certificate. If so, you can check to see if the certificate lists any organizational information about the registered company or organization.