Social media has changed the world in so many ways that it’s hard to think of life before Facebook, LinkedIn, Instagram, etc. But as the popularity of social media has grown, so have the threats that we are all exposed to on a daily basis.
Unfortunately, even though there is so much awareness about online scams there is still a large part of the world’s population that is not private enough with the information they post online, making them prone to being the victims of cyber crime.
- Avoiding Facebook Scams
- Common Instagram Scams
- Tinder Scams: Bot Love Hurts
- How To Spot a Social Media Scam
Avoiding Facebook Scams
Getting “catfished” (luring someone into a relationship by means of a fictional online persona) is not the only possible way you can get scammed on the world’s most famous social media platform. While there are several different ways in which you can get scammed on Facebook, one of the most recent forms of scam that has appeared is that of access token theft.
There are many different types of access tokens, but the most well-known to the common mortal are called ‘cookies’. They are what keeps the security credentials of a process, such as a login session, which is why they are sometimes known as ‘session tokens’. The access token identifies the user, their groups, privileges and even applications.
An access token is used only to represent security information, but it is also capable of keeping other types of data that can be stolen. This is only the first step that is needed to log into an account and depending on the platform, a password may or may not be needed, which is how a third party can access your account information without your knowledge or consent.
When an access token has been stolen, a hacker has access to a user’s personal data and credentials without needing to gain access to a password or username.
Now, you don’t really know too much about the existence of access tokens because they’re basically invisible to you. They’re almost like signals that are only sent once an action to log in to a page has been initiated, yet we all know about cookies because of most website’s constant pop-ups asking us to enable cookies.
How does the scam work?
While being logged into Facebook, you may receive a link from a page or an account that asks you to access your Facebook account in order to grant permission for something.
These pages are usually games, fan pages or surveys that ask for your verification at the end of taking a quiz. When you give permission, an access token is generated and the cyber criminals get to work.
As many games and applications require this type of request, it is easy for hackers to make a link look legitimate and trick you into giving access to your account. Once you have clicked on the link and granted access, your account can be used to spread spam.
Preventing Access Token Theft
It may be hard to identify when an app is legitimate or not, especially if you initiated or opened the app yourself, which is why you have to be extra careful and take a few extra steps to make sure your access token is not the only step a hacker needs to access your account.
1. Limit Cookie Expiration Times
All session tokens have an expiration time or date. Some session tokens expire the moment you log out of your account and get renewed the next time you log on, however it could be that you never log out of your account.
It is recommended that you go to your browser’s settings and set the expiration date for your cookies to be no longer than 24 hours. This way, if your account is breached only data from the last 24 hours will be accessed. If you set your expiration date to 12 hours, that’s only as far back as it will be possible to gain access to the data read within that time frame.
2. Use a Two-Step Verification Process
In order to keep you protected from having your user token stolen to access sensitive data, most e-commerce websites and social media platforms ask you to verify your credentials even though you may already be logged into your account.
This is important because the two-step verification process may not stop a hacker from accessing your personal data, but it would prevent them from having access to your account or to even gain control of it.
3. Log Out of Your Account
Something that most people don’t do on a normal basis is to log out of their social media accounts when they are not using the account. Always staying logged in is something that could put you at risk because logging out deletes the token on a user’s computer, which is exactly what you want to do to stay protected.
Deleting the token leaves hackers with little opportunity to gain access to your account, which is why it is recommended to delete all of your cookies regularly and to log out of your accounts.
Incorporating these three measures to your habits and social media routine will certainly mitigate your chances or having a data breach and having your account accessed to send spam to your other contacts, which will more than likely be messages that contain viruses and other types of malware.
Common Instagram Scams
There is a plethora of ways in which you can get scammed on Instagram, but when it comes to cyber scams, there are three prominent ways in which you can fall victim: credit card fraud, fraud on paid subscription services and phishing scams.
As Instagram is the king of visual aids, it’s a social media outlet that is so attractive to the eye that it is a marketing dream for e-commerce businesses. As long as someone likes what they see on your image, it’s almost certain to generate a sale.
How do the scams work?
Given it’s easy for fake profiles to be created on Instagram, these fake pages also set up false e-shops where they ask you for your debit or credit card information so you can buy products at a lower price than normal.
As you put your details in, not only is your card charged, but your card details have also been stolen. Of course, you can also count on the fact that you will not be receiving the merchandise.
Phishing scams occur frequently on Instagram, you’ve probably already seen messages along the lines of “Hi, my name is Julie, I’m a spokesperson for ABC Cosmetics and would love to do a collab with you so you can become one our brand ambassadors…”
Because so many people fall for this claim and want to be Instagram ambassadors for anyone, they do it without thinking twice. By giving a stranger your personal information, they can access your account and data such as your phone number and email address.
If a scammer has gained access to your account, they could change the password to prevent you from getting your account back.
Preventing Instagram Scams
The ways in which you can prevent a scam on Instagram may require more of an eagle eye than you probably imagine at the beginning. Unlike with other types of scams, you really need to know what you’re looking for in a profile to know if you can trust making a purchase or not.
1. Check for Spelling Mistakes on Page
The most common red flag you will see on a fake profile or page are spelling mistakes. Accounts that belong to legitimate brands avoid making mistakes at all costs and invest a lot of time into details such as grammar and spelling to portray their brand.
2. Make Sure the Profile Has Been Verified
You will need to look for the blue seal of verification that tells you that a profile is unique and legitimate. If you don’t see this sign, be wary of the information posted on this account and doubt anything you may see or receive on a private message.
3. Check the Page Contact Information
If a page is legitimate, it will have contact information available. If there is no way of contacting the company, you should be suspicious. But even when there is contact information at hand, you still need to question the information you are presented with.
If you see an email address, check that the domain after the @ sign presents the name of the company. If you see a gmail type of account or anything else that anyone can register, the profile is most definitely not legitimate.
Just like with Facebook, you should also enable the two-step verification process to access your Instagram account. This step in addition to the three recommendations displayed in this section will help to guide you on what to look for when it comes to understanding the difference between a legitimate and an illegitimate account.
Tinder Scams: Bot Love Hurts
Hopeless romantics are not the only individuals you can find on Tinder. The popular app used to find love and arrange casual encounters is also full of fraudsters and scam artists waiting to claim their next victim.
While you may think Tinder leaves little room to fall victim due to the lack of personal information that can be displayed, it is actually an app with people who are vulnerable to trusting and sharing personal information.
However, sharing personal information willingly on Tinder is not the only danger that awaits users. Being an active member of the app exposes you to scams such as the code verification and the malware scams that so many fall for on a regular basis.
How Do the Scams Work?
A scammer may gain access to your email address if it’s leaked from another website that had a data breach or even from Tinder itself. The truth is that no one really knows where our email addresses were taken from, yet we have all received the typical email that asks us for a code verification to get our accounts verified once we sign up for an account.
As this is such a popular request from legitimate websites, many of us open these links with the expectancy that you will need to simply update your personal details without knowing that this will result in data theft.
Most of these emails are generated by a bot and can gain your trust easily by emailing you from what appears to be the legitimate source, until you look closely.
The other possible cybersecurity issue on Tinder is malware. Although it may seem difficult to fall victim to malware, it’s actually easier than you may expect. A lot of people’s profiles commonly share their usernames or links to their other social media accounts such as Instagram, Facebook or Snapchat.
This Tinder scam works by linking illegitimate accounts that once you click on them, they open an infected file that contains malware and contaminates your device.
As hackers use bots for conversations to gain a user’s trust, the person on the other side of the computer may not realise they are not actually speaking to another person and may click on the link they are sent with the hope of connecting with someone outside of Tinder.
Finding Love, Not a Scam on Tinder
To protect yourself from getting scammed on Tinder and potentially being disappointed with a chance of finding someone special, you should be cautious to not share personal information so quickly.
Sometimes sharing basic details may seem like it’s not such a big deal, but a hacker can do a lot just by knowing your email address, date of birth and full name.
1. Do Not Click on Third Party Links
Even though a person may be dreamy and just the brightest ray of sunshine you have ever encountered, you should still not be so trusting to click on links within the app. Instead, ask for a username and look them up yourself. As most people already do that, you should be automatically suspicious of bot activity or ill intentions if you receive a link instead of information.
2. Look for Signs of Bot Activity
This one may seem simple, but some bots are programmed so well that you would never know you weren’t talking to another person.
In order to find out if you’re talking to another human, keep a conversation within Tinder for more than a couple of days and try to repeat a question to see if the answer is consistent in terms of wording and consistency of the first answer you received.
By applying these two measures, you may very well be on your way to a hot date instead of worrying about getting your credit card reported for fraudulent use.
How To Spot a Social Media Scam
Although you may have just learned different ways in which you could get scammed on social media, you should also known that there are signs you can look for in order to recognise if you are talking with a bot and on your way to getting scammed or if you’re actually communicating with a person looking for the same thing as you.
If a profile on social media shows one or more of the signs in a conversation on social media, you should immediate stay alert and suspicious:
- There is only one image that may resemble professional photography. They usually do this so that they can offer to show you more pictures by clicking on a link. This link is normally infected with malware.
- The profile shows promiscuous content or images to lure others. With this technique, those who are looking for casual encounters will be tempted to get in touch with this “person” so that they may engage in contact with someone “looking for a casual encounter.”
- The person on the profile replies incredibly fast and may even use references to your profile, however, they will continue the conversation until the user asks for pictures or other type of contact information. This normally leads to fraudulent links or infected landing pages.
- The person on the profile may appear to be thousands of kilometres away, but still wanting to gain your trust to share personal information. If a person insists on trying to obtain some basic details you may be facing a scammer. Do not share details until you have done a video call and are sure that there is a real person of flesh and bone on the other side of the device.
Although most social media users do have quite a good sense of awareness of catfishing scams occurring, they may not be as informed about how easily they put themselves at risk of a hacked account by simply not logging out of their accounts.
It is important to be educated about the possible risks everyone faces online, so you can react accordingly when a fishy situation occurs.
The best way of preventing a data breach through social media is to stay educated, learn about the risks you face and take the time to discover the process of a scam.
Happy social networking and stay safe!