What cybersecurity experts want you to know about social media scams
This post is part one of a two-part series on cybersecurity.
If you have a social media account, you’ve probably come across an online scam at some point – maybe even without realizing it. Phishing scams are prevalent on apps like Facebook, LinkedIn and Twitter – and nothing spells “digital strategy disaster” like getting caught in one.
Luckily, information is power, so to help you stay safe online, we spoke with cybersecurity expert Steve Biswanger, President, CISO Division of CIO Association of Canada.
Keep reading to discover Steve’s expert advice on identifying social media scams.
Social media scams to look out for
When keeping an eye out for social media scams, it’s important to keep scammers’ motivations in mind.
If someone wants to profit directly from you, Steve says they might send:
- “Unsolicited links for products like pharmaceuticals, calling cards and fake contests. When you click on the link, you’ll be prompted to provide payment.”
- “Scary messages claiming that your device has been infected or compromised. When you click on the provided link or call the provided number, they accept payment to ‘clean up’ a problem that was probably never there to begin with.”
- “Alarming messages claiming to be from your bank, asking you to log in to confirm account details. If you click the link, you will see a website that looks just like the bank’s, but isn’t. If you provide your login credentials, the bad actors (a.k.a. scammers) use them to log into your real bank account and take your money.”
For scammers who want access to your accounts, they might “send you a message warning that your account has been compromised, or that there was a suspicious login attempt from a foreign jurisdiction,” Steve warns. “They’ll encourage you to click a link and confirm your credentials, which will just provide the login credentials to the bad actors, compromising your account for real.”
Some of these scams are extra sneaky, too. Steve says that seemingly innocent online personality quizzes can be used to gather personal information – like the name of the city you were born in or the make of your first car. These personal details can be used to answer your online accounts’ security questions.
If the bad actors want access to your phone or computer, they can send malicious links that download malware to your phone, which is then used to send costly messages or phone calls.
Don’t make these mistakes
If you’re unsure of whether or not you’re being scammed, Steve says it’s better to be safe than sorry.
“Never click on a link provided by someone unless you are absolutely certain who sent it,” he advises. “Pretending to be someone else is very easy on the internet. Even if a link comes from someone you know, their account may have been compromised. Do not reply to the message or otherwise engage with the sender.”
Steve says that attempting to outsmart scammers won’t pay off, either. “Their full time job is to convince you to give up your money, your credentials or your information. They have more experience convincing than you do defending.”
While social media scams might seem scary and stressful, educating yourself about common scams makes it easier to identify them – and to protect your digital presence.
Stay tuned for next week, when we’ll reveal what you should do when faced with an online scam.
Thanks again to Steve for all of the invaluable cybersecurity advice!