Fraud Goes Social
Today in our always-connected digital age, cyber criminals are gaining more and more potential victims to target. How? With the growing popularity of social networks, guess where cyber attackers are now waiting? Fraudsters have taken to social media, showing up on Facebook, Twitter, Instagram, Snapchat and even dating apps like Tinder. Seemingly harmless social posts now could be just one click away from infecting you with some nasty malware.
Scammers usually have one goal in mind when they attack: money. They will trick you to click on an infected link, download or install something, like or follow a social profile, and even share something to your profile or send it to your friends. Unfortunately, they will do almost anything to monetize your online actions and social networks are giving them another outlet to do so.
The tricky thing about social media is that it typically attracts users that are more inclined to click on ads or links. This is what makes social networks so attractive and appealing for cybercriminals to target. Scammers’ social posts are becoming more malicious and are filled with links built to steal personal information (like your passwords), track your browsing activity and even activate your computer’s webcam or microphone. There is also a growing trend of scammers stealing login credentials and also asking for payment information. The following are a few ways scammers are attacking on social:
Like-farming: Like-farming is when a scammer posts an attention-grabbing story for the sole purpose of cultivating likes and shares. For example, based on the way Facebook works, the more likes and shares a post has, the more likely it is to show up in others News Feeds. Like-farming gives scammers access to a much larger audience to trick for personal information or to send to a malicious link or download.
Clickjacking: According to Google, Clickjacking refers to the practice in which threat actors modify the appearance of a Web page, or part of a Web page, to trick users into clicking on something different from what they assume they are clicking on. In such attacks, also referred to as user-interface redress attacks, users are presented with a web page, ad or other content that conceals underlying content that the attacker actually wants the user to click on.
Phishing: Phishing is when cybercriminals attempt to trick you into giving them sensitive information or even money. For example, some scammers use phishing attacks on social media by pretending to be a representative of that network. They contact you and then try to trick you to click on a link to: reset your password, reconfirm your account, etc. Their goal is to lead you to a site that appears to be legit, where you will be prompted to enter sensitive information. From your name to email address, phone number, credit card details, passwords, and so on; this information can be used to access your account and to further spread malicious links by sending messages to your friends.
Malware: Malware is malicious software that is designed to disrupt or damage your data, software or hardware. Cybercriminals can spread malicious software on social media through adware (forced advertising), spyware (steals your sensitive information), or ransomware (software that encrypts your content, blocks access to your system and demands payment in return to gain access back). In conjunction with clickjacking, scammers can create a fake “like” button that is actually a malicious link that sends you to a page with a lot of spam & popups or to a page that’s infected with malware. IM worms are also being dispersed on Facebook Messenger and used to spread links to malware.
Protect Yourself & Your Business
Even if you’re not being directly targeted, experts say that you should always be mindful of how much information you are sharing on a social network. It’s important to note that the nature of Social Media scams is also changing. Social media scams are being used to gain access into online businesses and organizations. Scammers are seeing this as a new opportunity and targeted attacks appear to be on the rise. Although employees are often aware of the dangers of clicking links and opening documents that arrive via email, usually they are less wary of links on social media. This makes businessmen and women that share their employment information on social networks, like Facebook, a prime target. The amount of information about us is growing online and it’s important to start taking more control of privacy and security to avoid attacks.
Here are a few Basic Security Tips:
- Don’t click on suspicious links or attachments
- Keep your software up to date (including browsers, add-ons, plugins, desktop apps, etc.)
- Install a trustworthy antivirus and keep it up to date.
- Be skeptical. If it looks too good to be true, it probably is.
Unfortunately, fraud and cyber criminals are not going to disappear anytime soon and they are attacking on all networks. Even e-commerce platforms are a hot target for hackers. Gaining access to credit card information, contact numbers and other valuable information is like a gold mine to cyber criminals.
Here at BMT Micro, we are continually adding new features and functionality so our vendors stay competitive in the world of ecommerce and their customers’ sensitive information is kept safe. Our main goal is to ensure the safety of all transactions between vendors and customers. We hear so much about people’s information being stolen or hacked today. BMT Micro strives to be an e-commerce company where customers can rest assured that their information is and will always be protected. We also want our vendors confident in the knowledge that with the right level of fraud protection, it will decrease the likelihood that their product will be taken advantage of or fraudulently used.
We continually make sure that online security measures remain a priority. If you have questions or concerns about your current fraud prevention or if you are interested in learning more about BMT Micro’s offerings please contact our vendor services at firstname.lastname@example.org.