Most of us have faced cyber attacks sent by our best friends - Facebook "offers" they've clicked by accident, spamming everyone on their friends list, or Twitter stories they've shared without checking.
Social networks are fertile ground for cybercriminals - and with big news stories driving surges of thousands of posts per minute, it can be difficult to spot which ones carry malware and scams.
ESET Security Evangelist Stephen Cobb says, "Can we trust our friends not to make questionable decisions on social media? Apparently not, because our friends might actually be scammers in disguise, or just not well-informed."
Cobb offers a detailed guide to spotting scams and hoaxes here.
ESET's Social Media Scanner offers a quick, free way to check out if that news story on Facebook is true - or a scam. It never hurts to be cautious, though - and here are five classic scammy and spammy posts you should NEVER click.
The “one-fact story” where people share without reading
Twitter’s text-only format lends itself to attacks where outrageous headlines are used to lure unwary users to share stories - without reading them. Celebrity news service E! News’s Twitter account fell victim to hackers this year, with a series of false Tweets that began with a claim that Justin Bieber was gay. The Tweet, which said, "Breaking! Exclusive: Justin Bieber to E! online 'I'm a gay'", was retweeted 1,200 times. It is often safer to Google the subject of a link or type a website’s main URL into a browser instead of clicking the link.
The one where your friend breaks a global news story
If you see a news story pop up in your feed, but only once, be suspicious. Big news usually spreads quickly, with multiple stories, spread by different friends and different sources. Facebook and Twitter malware often spreads as outrageous news stories - "World War II breaks out" was used a couple of years ago - usually directing people to upgrade their video software, thus downloading malware. Be suspicious of any out-there news story being shared on Facebook. Go outside Facebook, Google the story and check it - and if possible, don’t click, and don’t share.
The one which begs you for “Likes”
"Like" this post to get a freebie - or to help someone collect a million "Likes"? Any page that begs you for “Likes” should be treated with suspicion. Scammers use viral pages to build up hundreds of thousands of likes, then sell the pages on to other companies. Your “Likes” also remain visible forever - and could serve adverts to your friends. Any pages you have "Liked" are also now searchable in Facebook’s new Graph Search. Visit your Activity Log and make sure you haven’t “Liked” any companies, products or sites you wouldn’t want the world to know about.
Any post - on any network - which mentions diets
Scammers often hawk diets that offer “amazing weight loss” - so the mere mention of the word “diet” should make you nervous. Instagram saw one of its first large-scale spam attacks this summer - pictures of fruit began showing up in users’ feeds, linking to a fake BBC news page headlined, “Tropical Fruit Burns 17 Pounds in 22 Days. Exclusive Offer for Readers.” The images linked to a bogus page, disguised by URL shortening service bit.ly.
The news outlet you've never heard of
At the peak of the frenzy surrounding the birth of the Royal baby, 23,500 tweets mentioning the news were sent per minute. Cybercriminals know this, and send out bogus news links to blend in with the flurry of “real” news. Have you heard of the news outlet? Is there something suspicious about the story? Don’t click the link - Google the story instead, or go to a site you trust.
The friend who sends you a gift card
These can actually look quite tempting when they arrive shared by a friend - but they're usually scams. “Gift cards” offering amazing freebies are a staple scam - and have been seen recently on picture-sharing networks such as Pinterest, where a stage of getting that “free gift” is, inevitably, to share the post to all your friends. The “gifts” don’t exist - instead, you’ll either end up handing over personal details, or worse, downloading malware.