Risks associated with cyberattacks
“All of the common techniques for online fraud are being adapted for social media. This is because everyone uses these platforms and they’ve made committing fraud easier,” explains Tony Fachaux, cybersecurity awareness expert at National Bank.
On social media, a fraudster can:
- Take over your account after having illegally obtained your password on the dark web or by resetting it after answering your secret questions.
- Steal an identity by creating a fake account using personal information collected about you or your loved ones, then posting on it and sending contact requests to make the account as credible as possible.
- Pose as a credible company, public figure or senior executive at a company in order to catch your attention and deceive you with fake contests or fake news, for example.
That’s when the fraud comes into play. “The classic thing is a phishing scam, like you see with emails, but it’s done on social media,” the expert adds. “The end result is the same: the user clicks on a malicious link, then the device is infected or confidential information is obtained using a fake website.”
Popular scams on social media
Regardless of the platform, fraudsters’ methods are the same. Here are some common social media scams.
Let’s say you created your account 10 years ago. In that time, you’ve shared photos of your dog Margot and articles about your elementary school. Your mother, who still goes by her maiden name, comments on your posts. With this information available on your profile, a fraudster could have all the answers to your security questions. They could then reset your password and access your account to commit fraud.
The safe thing to do is to set incorrect answers to your security questions. “That way, even someone who knows you won’t be able to log into your account,” Tony Fachaux adds. “But you have to remember your fake answers, obviously. That’s why we recommend using a password manager, which can also store confidential information like these fake answers.”
Imposters on a professional network
Your boss’s boss just sent you a friend request. You first recognized them from their photo, then you noticed that they’re connected to all the other members of your team. You’re delighted to receive a message from them with a link about good news regarding the company. Wait before you click.
Using fake accounts created on professional networks, fraudsters manage to fool users from a specific company or industry. Then, they send an attachment or link containing malware. Always make sure that a link is legitimate before clicking on it.
Malware links on your feed
You’re looking at the latest posts on your feed. Suddenly, a clickbait article on a recent study on the effects of COVID-19 catches your attention. The 280-character message makes you want to know more, so you quickly click on the shortened link without wondering if it will lead you to a malware site that could infect your phone.
Shortened links are everywhere on social media and are also used by fraudsters. To avoid falling into their trap, preview the whole link before clicking on it; all URL shorteners also provide a way to view the original link (you can easily find this information online). If the link appears suspicious, don’t click on it.
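For readers who want to script the preview step, here is an added example (not part of the original article) that follows a shortened link hop by hop using HEAD requests, so no page is downloaded or rendered, and then flags a few warning signs on the final address. The function names, the warning rules and the sample redirect table are assumptions made for illustration.

```python
import http.client
import ipaddress
from urllib.parse import urljoin, urlsplit

def head_location(url, timeout=5):
    """Return the redirect target of `url`, or None, without fetching the page body."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.getheader("Location") if 300 <= resp.status < 400 else None
    finally:
        conn.close()

def expand(url, fetch_location=head_location, max_hops=10):
    """Return the redirect chain starting at `url`; stop on a loop or after max_hops."""
    chain = [url]
    while len(chain) <= max_hops:
        nxt = fetch_location(chain[-1])
        if not nxt:
            break
        nxt = urljoin(chain[-1], nxt)  # Location may be relative
        if nxt in chain:               # redirect loop
            break
        chain.append(nxt)
    return chain

def warnings_for(chain):
    """Illustrative checks on the final destination (assumed rules, not a verdict)."""
    final = urlsplit(chain[-1])
    host = final.hostname or ""
    notes = []
    if final.scheme != "https":
        notes.append("not https")
    if any(label.startswith("xn--") for label in host.split(".")):
        notes.append("punycode host")      # possible look-alike domain
    try:
        ipaddress.ip_address(host)
        notes.append("ip-literal host")    # raw IP address instead of a name
    except ValueError:
        pass
    if len(chain) > 3:
        notes.append("long redirect chain")
    return notes

# Constructed redirect table standing in for the network (sample data, not real links).
SAMPLE = {
    "https://sho.rt.example/abc": "https://tracker.example/r?id=1",
    "https://tracker.example/r?id=1": "http://203.0.113.7/login",
}
```

Calling `expand(link)` with the default fetcher contacts each server in the chain, so the shortener still sees a request; passing `SAMPLE.get` as `fetch_location` runs the same logic offline.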
You see a contest photo on social media. Underneath, you can read the steps to follow to participate: “Share the photo, post a comment and send us a direct message.” It’s simple and they’re offering a great prize, so you try your luck. You’re then asked to click a link and enter your personal information to sign up – that’s when your personal details fall into scammers’ hands.
Many fake contests are organized by fraudsters on social media; some even involve hidden fees (if you’re asked to phone a number, for example, you may be charged for the call). So be careful, especially if it seems too good to be true.
Just like chain mail, a fraudulent post can grow and go viral by urging people to share a message with their contacts that turns out to be false.
An online romantic relationship
Someone you don’t know sends you a direct message. Their photo is attractive, and their sweet talk makes you blush. You chat for months. Even though you still haven’t had the chance to meet, you enjoy the relationship. One morning, your online partner is all out of sorts: they have to fly out for a family emergency, but they don’t have the means to buy a ticket. You want to help, so you lend them the money they need… And you never hear from them again.
According to the Canadian Anti-Fraud Centre, victims of romance scams have reported millions of dollars lost. Don’t be blinded by love on social media.
Five tips to help you protect yourself on social media
Here are some ways you can outsmart fraudsters.
1. Protect your online accounts
Choose a strong and unique password for each platform. You may have many passwords to remember; a password manager could help you store them securely. Also, whenever it’s available, enable two-factor authentication.
2. Limit the amount of personal information you share
The less you share, the lower the risk. That goes for both identity information (first name, last name, city) as well as details about your work.
3. Check your privacy settings
It’s important to pay attention to the information you share, but you also have to control who you share it with. After you’ve changed your settings, check them again regularly as they can change.
4. Beware of fake accounts
Be vigilant when accepting friend requests. You can recognize a fake profile on social media if they have a lot of followers, if they don’t take part in conversations on their page, or if their interactions are rapid-fire. After having created a fake account, a fraudster will try to communicate with their targets via chat to send them apps or links. Be careful when interacting on social media, because one wrong click can lead to fraud.
5. Control your online identity
To curb the risk of a fraudster using your identity without your knowledge on a platform you don’t use, create an account for yourself there anyway. “These days, I think that not having an online presence is a mistake,” Tony Fachaux adds.
How do you report fraud?
If you think someone has hacked your account (for example, because it shows direct messages that were sent without your knowledge), immediately contact the social network on which the fraud occurred. And if you’ve noticed instances of fraud on your bank account or your credit report, even though you’ve followed security best practices, contact your bank as soon as possible. After they’ve verified the case, you’ll recover the money soon and they will help you report this instance of fraud.
To limit the risk of social media fraud, develop the same safety reflexes as you have for your email. Fraudsters adapt their tactics to people’s behaviour, so prevention is key.
There are simple things you can do to protect yourself.