By Vanessa Papas
Scams on Facebook – we’ve all come across them once or twice and most of the time they’re easy to spot. Sometimes though, these scams are so realistic that even the smartest of us get trapped. Scammers know this, which is why they track celebrities’ popularity and use the top ones as lures for malware scams and identity theft. Emma Watson, Jessica Biel, Eva Mendes, Selena Gomez, Halle Berry, Megan Fox, Shakira, Cameron Diaz, Salma Hayek and Sofia Vergara are among the top 10 celebs used in Facebook scams.
In the first quarter of 2018 Kaspersky Lab’s anti-phishing technologies prevented more than 3.7-million attempts to visit fraudulent social network pages of which 60 percent were fake Facebook pages. The results demonstrate that cybercriminals are still doing what they can to get their hands on personal data…and, in turn, steal your money.
“Social network phishing is a form of cybercrime that involves the theft of personal data from a victim’s social network account. The fraudster creates a copy of a social networking website (such as a fake Facebook page), and tries to lure unsuspecting victims to it, forcing them to give up their personal data – such as their name, password, credit card number, PIN code, and more – in the process,” explains Nadezhda Demidova, lead web content analyst at Kaspersky Lab.
“At the beginning of the year, Facebook was the most popular social networking brand for fraudsters to abuse, and Facebook pages were frequently faked by cybercriminals to try and steal personal data via phishing attacks. This is part of a long-term trend: in 2017 Facebook became one of the top three targets for phishing overall, followed by Microsoft Corporation and PayPal. Earlier this year, Facebook also led the social network phishing category, followed by VK – a Russian online social networking service – and LinkedIn. The reason for this is likely to be the worldwide 2.13-billion active monthly Facebook users, including those who log in to unknown apps using their Facebook credentials, thereby granting access to their accounts. This makes unwary Facebook users a profitable target for cybercriminal phishing attacks.”
Nadezhda says this all reinforces the fact that personal data is valuable in the world of information technology – both for legitimate organisations and attackers. Cybercriminals are constantly searching for new methods to hit users, so it’s important to be aware of fraudster techniques to avoid becoming the next target. For example, the latest trend is spam e-mails related to Europe’s General Data Protection Regulation. Examples include offers of paid webinars to clarify the new legislation, or invitations to install special software that will provide access to online resources to ensure compliance with the new rules.
“The continuous increase in phishing attacks – targeting both social networks and financial organisations – shows us that users need to pay more serious attention to their online activities,” says Nadezhda. “Despite the recent global scandals, people continue to click on unsafe links and allow unknown apps access to their personal data. Due to this lack of user vigilance, the data on a huge number of accounts gets lost or extorted from users. This can then lead to destructive attacks and a constant flow of money for the cybercriminals.”
Nadezhda urges readers to take the following measures to protect themselves from phishing:
Always check the link address and the sender’s e-mail before clicking anything – even better, don’t click the link, but type it into your browser’s address line instead.
Before clicking any link, check if the link address shown is the same as the actual hyperlink (the real address the link will take you to) – this can be checked by hovering your mouse over the link.
Only use a secure connection, especially when you visit sensitive websites. As a minimum precaution, do not use unknown or public Wi-Fi without a password protection. For maximum protection, use VPN solutions that encrypt your traffic. And remember: if you are using an insecure connection, cybercriminals can invisibly redirect you to phishing pages.
Check the HTTPS connection and domain name when you open a webpage. This is especially important when you are using websites which contain sensitive data – such as sites for online banking, online shops, e-mail, social media sites etc.
Never share your sensitive data, such as logins and passwords, bank card data etc. with a third party. Official companies will never ask for data like this via e-mail.
Use a reliable security solution with behaviour-based anti-phishing technologies to detect and block spam and phishing attacks.
The cliché comes into play: If it sounds too good to be true, it probably is. If someone you don’t know offers you free cash, it’s probably a scam.
If someone asks you for personal or financial information, do not provide it unless you know the person requesting it.
Be very stingy with your prepaid card details. Research the person online. It is probably a scam.
And never give out PIN numbers. Ever.