Social Media :
Social media has its own set of unique risks, whether it’s phishing attacks, protecting corporate accounts from compromise, fighting fraud, or defending against social engineering scams such as account impersonation.
Social media accounts are susceptible to exploitation. Likely attacks include (a) #HashtagHijacking, (b) Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF), (c) Pharming, (d) Phishing and Clickjacking, (e) Identity Theft and (f) Impersonation.
Few Red Flags :
Whether it’s a quick-money offer, a copy product, a work-from-home offer, an impersonation or a quick job on social media, a few red flags that you should notice are:
- It sounds too good to be true.
- It promises guaranteed, very high returns.
- There is pressure to buy or accept immediately (“Expires Today”).
- Affinity fraud – advertisements by paid social media influencers.
- You are paying in advance.
Few Social Media Frauds :
- Work-from-home frauds – Housewives and students (victims) are prompted to pay a processing fee in order to gain large sums of money. The scammers then pretend to be law enforcement officials and use social engineering to collect money for the errors the victims have made during the work-from-home tasks.
- Advertisement Frauds – Social media marketplaces are popular destinations for fraudsters, where copy products (replicas) are displayed and sold (for example, white-stones.in, jollyfashion.in, fabricmaniaa.com, takesaree.com, assuredkart.in, republicsaleoffers.myshopify.com and fabricwibes.com). Many never dispatch the products, and they don’t provide a “Cash on Delivery” feature.
- Job Frauds “Open to Work” – Job portals are a popular destination for fraudsters. They look for people who have a status of “open to work”, socially engineer them, and dupe innocent people by collecting registration and backdoor charges. Since there is no fact-checking facility on job portals, it’s recommended to cross-check before you start a conversation.
- Money Double Frauds – We often see posts claiming to give 2000 to 3000 INR per day; they mimic popular stores like Amazon, Snapdeal, Naaptol, and Jabong. Victims end up buying a product that is virtually displayed on a website with a virtual value (no physical product). When anyone buys this product, the referrer gets referral margins that are added to the virtual value. Unfortunately, this virtually displayed money can never be withdrawn.
- Money Transfers – Sensitive information leakage through social engineering scams (you’re more likely to share information with a profile that you think is your CEO or CFO authorizing a payment transfer!).
- Facebook Impersonation – Seeking money from common friends by posing an emergency. (Many police officers’ accounts are cloned or impersonated; this is the most prevalent social engineering scam right now. Transfer money only upon talking in person or over the phone, after due verification.)
- Honey Trapping / Catfishing – It’s a well-known scam in which a fake social media profile is created to seduce a victim into a fictitious online relationship, in order to extract money from the victim by blackmail.
- Likes and Followers – A scammer creates a fake social media profile to sell likes, retweets, shares, comments and followers. These are most popular in India, where bots are used.
- Pump & dump schemes – These involve advertising a company’s stock through false and misleading statements made to the marketplace on social media platforms and in chat rooms. The scammers socially engineer readers into buying a stock quickly, or into selling before the price goes down.
Social Media Safety Tips :
- Use strong passwords with capital letters, numbers and special characters.
- Use separate emails and passwords for banking, social and personal accounts.
- Don’t use social media on public devices or with public Wi-Fi.
- Disable access to the geolocation (GPS) feature for your social media platforms.
- Be wary about clicking shortened links from friends on social media – these links trick you into providing personal information in order to steal your money or identity, or cause malicious software to automatically infect your social media accounts.
- Use two-factor authentication for all social profiles.
- Keep personal information to a minimum, even on your private social profiles.
- Log out of the social media account completely to terminate the online session.
- Delete the computer’s “temporary Internet files” and Internet history so that no cache is used for phishing or targeted marketing.
- Buy products only from reputed e-commerce sites and not through social media advertisements – check the complete URL for its legitimacy.