Social media makes scams and hoaxes harder to spot

Can we trust our friends not to make questionable decisions on social media? Apparently not, because our friends might actually be scammers in disguise, or just not well-informed. In this article we freshen up three top tips for staying safe on social networks. But just in case you’re in any doubt about how important it is to proceed with caution on social media, consider these three factors:

  • The web is a dangerous place: The security company Sucuri scanned about 10 million websites and found 26% of them were compromised (hosting malicious injections or otherwise blacklisted).
  • People are sharing more personal data than ever: That’s not just a hunch, that was the finding of a seven-year study by researchers at Carnegie Mellon University: Silent Listeners: The Evolution of Privacy and Disclosure on Facebook.
  • Consumers are not the only victims: Criminals conducting cyber attacks against companies are finding social media a great resource (there are several social media attack scenarios in the recently published Trustwave 2013 Global Security Report).

So what are some strategies for staying safe and minimizing risk while using social media (assuming you’ve decided you can’t live without social networks, which is understandable for many people and companies)?

The sanity check

What do you do when you see a link in a friend’s tweet, Facebook or LinkedIn update, Instagram or Snapchat posting? Do you click on it right away or do you think before you click? Hopefully your brain is wired to follow a pre-click thought process that includes these questions:

  • How sensible/relevant is this link? If your friends know you’re not interested in Justin Bieber or Selena Gomez, you should be suspicious of postings about them that seem to come from friends.
  • Do I trust the person who posted it? Some people expand their social networking connections by accepting every friend request they get. That is not a good idea. You should not accept requests to connect from people with whom you have no connection. Here’s one way to explain this, particularly if you have kids: Would you invite every one of your social media friends over for dinner? If not, who would you not invite? Should those uninvited guests be friends?
  • How likely is this post to be from that person? Hopefully you do know your friends on social media well enough to tell if an update is out of character for them. If you see such a post, question them. Their account might have been hacked, or it could be a fake. (Bear in mind there are more than 70 million fake Facebook accounts out there right now and several million of those are thought to be malicious.)
  • Can I get to the linked content through a more trusted channel? If you see a news report on social media that a famous person has died, please check the facts before spreading the story. Phoney news stories are often laced with links that lead you to places you don’t want to go.

The out-of-band strategy

No, I’m not talking about quitting your garage band. The term “out-of-band communication” refers to using one channel of communication to verify what is said in a different channel. Social media is not the only way to communicate. If you have any doubts about anything you see on social media, why not verify it via a different communication channel, like the telephone, or SMS, or email, or even face-to-face? Think of the number of ways you can ask your friend Joe this question: “Hey Joe, did you really post that link to a Justin Bieber video?” If Joe really posted it, you have something to talk about. If he didn’t, then he is probably going to thank you for pointing out someone else is posting on his behalf (hint: he should change his password on that account right away).

If you are suspicious about a news story you see breaking on social media, go to a legitimate news website and see if you can confirm it. Most people I know think it’s a lot smarter to be the person who does not spread stories that are wrong or totally made up. In the long run you’re not going to keep a lot of friends if you get a reputation for always repeating everything without doing some kind of fact checking.

The stay informed strategy

If you use social media a lot it makes sense to stay informed about new developments, particularly in the area of scams. Even if you are not keen on social media yourself but work in IT security–or maybe you are your family’s IT security person, riding herd on kids or elderly parents–it is a good idea to keep your finger on the pulse of social media developments.

One website I find useful for this is Facecrooks. In fact, I subscribe to their updates via email to make sure I don’t miss any (just go to the bottom of the main page to sign up). You can also get updates from the Google Alerts service. Try setting one up for social media scams. That’s how I learned about this article describing kids using Instagram and Snapchat to avoid parental oversight.

Bonus tip: The social media scanner strategy

If all of the above sounds like a lot of mental effort, you’re right. The benefits of social media are many, but exemption from critical thinking is not one of them. However, there is some technology that can help you with this task of weeding out the flaky from the factual: social media scanning. As my colleague Righard Zwienenberg described in some detail last month, a social media scanner can protect you against common scams. He recounts the way the ESET Social Media Scanner flagged a “scandalous” Justin Bieber posting on Facebook that was part of a click-jacking scam (a time-wasting and potentially infectious type of scam we have described before).

The ESET Social Media Scanner is free. I recommend using it if you use Facebook. Even well-informed friends have been known to spread links that really should be banned, not for salacious content but for their infectious and deceptive nature.

Author Stephen Cobb, ESET

  • A Hiller

    The link to your ESET Social Media Scanner (in the last paragraph) returns a 404 Page Not Found error.

  • Stephen Cobb

    Thanks for spotting that! We are fixing it now.

  • Melissa Lundmark

    I choose not to allow ESET to post on my Facebook page and it will not go past that. It keeps asking me again and again to reconsider 8x now. If it is a requirement then why ask if I will allow? Please advise. Thanks.

  • Quad Cube

    Nice article.

    BTW, little typo: “…go to a legitimate news website and see [ if ] you can confirm it.”

    • Stephen Cobb

      Thanks! Should be fixed now.

  • Stephen Cobb

    I understand what you mean Melissa because this one took me a moment to figure out myself. In fact, the ESET Social Media Scanner just wants to post the results of the scan to your page. That’s the only thing it wants to post. But you do need to approve that for it to work. However, Facebook’s rules require that apps ask for such permission to be explicitly granted. In other words, we can’t simply include it as a requirement. Does that make sense?

  • Chris Nerbonne

    Do you have a comment on the silly quizzes that get passed around on Facebook, like “I bet you can’t name a state that does not have an “e” in it. Try it!”? These are stupidly easy and seem to pick up a lot of likes, comments, etc. I don’t participate in these, but I wonder what advice I could give to my more trusting friends.

    • Stephen Cobb

      They are most likely trying to collect personal information to target for marketing and other schemes. Ask your friends if they would play a game with a total stranger in the street when the first move involves giving up your name and a photo and a bunch of other personal information.

Copyright © 2014 ESET, All Rights Reserved.