More than 4,000 Facebook users fell prey to this scam in one weekend, a hit rate any cybercriminal would consider a resounding success.
As in many other social web scams, users were prompted to repost the link to their Facebook wall in order to receive the promised gift card. This action triggered a viral spread across the user’s network, and clicking on the scam redirected users to a series of sketchy destination sites. Although this is just one example, social network scams are working very well this holiday season, and you can bet that millions of cybercriminals are invading your favourite social sites. You may have unknowingly friended some of them already.
Most web users are less wary of scams on social networks than they are of scams in email. In the eyes of the cybercriminal, social networks offer a unique level of credibility: we’re used to clicking on unfamiliar links on our News Feed, and we’re used to seeing enticing deals distributed over social channels. While many of us would jump straight to the “Spam” button if such an offer arrived via email, a surprising number of us are convinced when a scam shows up in our Facebook or Twitter account appearing to come from a friend.
The really bad news: these social media scams can be devastating for victims. You may not just be out the $20.00 you think you’re spending on an iPad; oftentimes, scammers hold on to your credit card information for months or years, continuing to hit you with secondary scams and identity theft attacks. Moreover, clicking spam links is a common way to infect your computer with a virus or malware, putting your personal information at risk and making your system even more vulnerable to further damaging attacks.
How to protect yourself
As a user, the best way to defend against cybercriminals this holiday season is to remember what Grandpa used to say: “If it sounds too good to be true, it probably is.” Be wary of links that promise unnaturally steep discounts, free items like smartphones and electronics, and unsolicited commercial advertisements. As enticing as these offers may be, it’s important to cross-check them before clicking the link.
Do a little homework—find the company’s Facebook or Twitter account and check their website—and consider reaching out to the user who purportedly shared this deal with you. Scammers often try to create a sense of urgency (“Act now! Limited time offer!!!”) to discourage this due diligence, but don’t let them rush you into their trap. Finally, always avoid giving any personally identifiable information or credit card details to sites you don’t recognise or that don’t feel right.
As an owner of a web site or social network, knowing about these growing problems and taking them seriously is the first step. In the six months that our service has been in production, we have continued to see sites where protection against social spam is an afterthought.