The Meridian Blog: Tech News, Tips & More for SMB and Enterprise Environments

5 Most Common Ways Hackers Use Social Networking for Cyber Attacks

Robert Bruce

Posted by Robert Bruce
Tue, May 05, 2015

Internet social networks such as Twitter, LinkedIn and Facebook have revolutionized the way we interact and conduct business. Tweeting, liking, and Googling have become the action verbs of the 21st century, similar to the way faxing and texting entered our vocabulary in the 20th century.

Today, Facebook has over 1.4 billion members. If it were a country, it would be the most populous nation on Earth. And, like any large population base, there are people on Facebook who are trying to get away with a variety of scams.

From fake apps to fake like buttons and more, cyberattacks are emerging on social networks at an alarming rate. The Federal Bureau of Investigation (FBI) even has a webpage devoted to the subject. It’s a recommended read for any individual or small business owner with a social media presence.

There are lots of risks in cyberspace, and here are five of the most prevalent social networking scams currently out there:

  1. Fake news
  2. Fake offers
  3. Fake apps
  4. Like jacking
  5. Click jacking

Read on to learn more about each of these scams, as well as how to spot and avoid them.

1. Fake News

One version of this hoax impersonates Facebook itself, and it spreads rapidly. A scam message says that Facebook has released a new membership pricing structure with gold, silver and bronze levels of membership. It claims you can avoid paying by sharing the message's text with your friends before midnight. If not, says the message, you'll be forced to pay next time you sign on to Facebook.

Image Source: Facebook to start charging $2.99/month? It’s nonsense! from WeLiveSecurity.com

This scam spreads because it appears friends are doing their friends a favor by sharing. Not only is Facebook a free service, Facebook has publicly stated several times that it will always remain so. 

Although Snopes, WeLiveSecurity.com, and many others have debunked this scam multiple times since 2009, it continues to resurface again and again. 

The purpose of this ruse seems to be to gather passwords or credit card numbers. Ignore it.

2. Fake Offerings

Invitations to join fake events or bogus groups, with incentives such as free gift cards, abound on social networks. Joining often requires the user to share passwords, permissions and/or financial information with the attacker, or at the very least, send a text to a premium rate phone number. 

Sometimes these phony offers use an old, but surprisingly still effective, technique — the chain letter. Twitter messages claiming that retweeting them will result in Bill Gates or some other billionaire donating X amount of dollars to some charity or disaster relief fund are completely false. That’s not how charitable contributions work.

Image Source: Esurance Super Bowl Twitter Contest Attracts Scammers

The motive behind these types of scams seems to be to gather “friends” to be exploited later in more nefarious scams, or to once again collect credit card or other financial information. Break the chain and do not retweet, re-send or forward any such messages, and please don't fall for fraudulent appeals for charitable donations. Before making a donation, you should always fact-check via the charity's website, Google search results, and sites like CharityNavigator.com, an online resource for investigating and evaluating charity organizations.

3. Fake Apps

According to research from the Cheetah Mobile Threat Lab and charted by Business Insider Intelligence, there has been a sharp increase in fake apps targeting social networks. They are designed to trick people into revealing personal information and granting permissions so scammers can access mobile devices and steal passwords, credit card info, and more.

In just the first 8 months of last year, over 15,000 fake apps affected more than 100 million users across all the major social networks. More than half (8,107) were on Facebook alone. Before downloading any app, always check the file size — fake apps are usually very small. Also, if the app asks to send text messages or to access the Internet for you, it is likely fake. Think twice when apps request permissions to access data stored on your device or in other apps, or to perform actions on your behalf. Finally, any app that wants a password or other confidential information from you should be avoided at all costs.


4. Like Jacking

The ubiquitous Facebook “like” button is easy to abuse. Put it on your page, and if a Facebook user visits your site and clicks on it, a link to your page gets added to their activity stream. Suddenly, their friends can see that link, click on it and be led directly to your page. When that second person arrives, the Like button is personalized for them — it shows which of their friends have already clicked it, and when they click on it, a link to your page gets added to their stream.

Like jacking attempts to get users to falsely endorse products, using posts that are likely to attract viewers, such as an offer for a free gift. It then spreads through automatically generated shares and likes. The initial post may be enabled through a hacked account or the acceptance of a request to add a friend, who turns out to be a scammer.

To protect yourself from like jacking, use caution in clicking, liking or sharing posts and be extremely wary about any free offers. Facebook users are encouraged to be skeptical of messages posted in social networks, even if they are from friends. Users should also avoid downloading files or filling out questionnaires just to see a picture or a video.

5. Click Jacking

Clickjacking occurs when a scam artist or cyber crook places an invisible button or other user interface element over a seemingly innocent web page button or interface element using a transparency layer, which you cannot see.

Facebook Like and Share buttons have been hidden under other buttons so that, when clicked, users would voice their preference for something or share something with their friends unknowingly in order to generate viral marketing for a product or to propagate malware.


Crooks, scammers, and con artists have always been around, and they probably always will be. While the Internet, social media, and other technological advances have created new avenues for them to exploit, older methods like office supply and telemarketing scams remain prevalent as well. Education and awareness can give you an edge and help defend against scams and dishonest business practices alike. Check out our free guide, How to Protect Yourself Against Office Supply Scams and Toner Pirates, to protect your business from a class of fraud that is far less commonly discussed and runs rampant among businesses.
