Phishing attempts on social media have more than doubled over the past year as scammers find new ways to trick people into providing personal and financial information.
During the first quarter of 2016, ploys to glean log-in credentials, credit card and other ID-worthy information soared 150 percent over the same period in 2015, according to Proofpoint, which provides social media security services to leading companies and nearly 225 million of their individual followers on Facebook, Twitter, LinkedIn, Google+, Instagram and Pinterest.
The current reigning ruses:
1. Impostor customer care: Cybercrooks create fake customer service accounts, via slight keyboard tweaks (say, an extra underscore or character), to intercept messages tweeted to banks, e-commerce or video game producers and phish for log-in and financial account information. “The consumer poses a question to a support site and within minutes receives a response (from an impostor account) providing a link to a solution, which, of course, is also a fake,” notes Devin Redmond, vice president of social media security and compliance at Proofpoint. “The customer not only expects the response, he or she welcomes it and has incentive to follow the link.” If you choose to use social media customer care, be sure to look for the “verified” logo in all communications.
2. Live-stream lures: The bait is phony comments and promises of live video streams of popular events, such as a big football game or boxing match available only in certain markets or on pay-per-view. The hook? Links that lead to scammer-run websites, where there’s no sneak peek, only an attempt to get personal and credit card details, often under the guise of a fake free trial.
3. Fake freebies and discounts: Con artists set up legitimate-looking social media accounts that claim to offer free or dirt-cheap products and services. It’s easy pickings for swindlers to collect names, addresses, phone numbers, emails and other information that they can use for identity theft or to sell on the black market, along with credit cards “required” for shipping and handling charges.
4. Contest cons and survey swindles: In this oldie but goodie, fraudsters post promises of a prize for completing a survey, but the goal is to mine personal information. Crooks’ posts and links appear authentic with URL shorteners.
5. Gossip gotchas: Search terms of celebrity names, coupled with terms such as “video” and “picture,” have long been among the internet’s most typed — and most dangerous for malware. The latest celeb-centric scheme: links that promise illicit videos of Hollywood elite, sports superstars and other household names. Along with malware, many phish for credit card info.
For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and gain access to a network of experts, law enforcement and people in your community who will keep you up to date on the latest scams in your area.
Also of Interest
- New threats in ransomware
- Three foods you should never eat
- Get Help: Find out if you're eligible for public benefits with Benefits QuickLINK
- Join AARP: savings, resources and news for your well-being
See the AARP home page for deals, savings tips, trivia and more.