How do criminals use social media to steal information?
- Cybercriminals use social media to identify victims and steal their personal information. By posing as an online friend, a fraudster could trick you into sending money or sharing.
- By following your feed, a phisher could gather details for a highly targeted attack. To minimize your risk, decline friend requests from people you don’t know.
- Be thoughtful about what you share online, and take care with links: Before you click, hover your mouse over the URL to see its true destination.
- When you share on social media, do you have an audience in mind? Maybe that photo of your kids helps you connect to faraway relatives, while a shot of your old stomping grounds sparks a chat with college buddies.
Unfortunately, when you think about who’s watching on social, you should also consider cybercriminals.
Fraudsters use social networking platforms to identify victims and steal their personal information. Before you share any meaningful information or even accept a request to connect with someone you don’t know in real life, consider these common ways criminals can manipulate social media.
Social shares lay the groundwork for targeted attacks
There’s a wealth of personal information available on social media. Unfortunately, criminals can use those details to power sophisticated phishing attacks.
The more criminals learn about you, the more they can tailor their approach. And that’s bad news, because highly personalized attacks are more likely to succeed.
For example, if you’ve shared your workplace online — like the 177 million people in the U.S. who are on LinkedIn — a bad actor could use that information to launch a type of phishing attack known as whaling, in which a thief’s attempt to steal credentials or even cash is disguised as a directive from your CEO.
If you’ve shared a particular passion or hobby online, a fraudster could use those details to lure you to a landing page that looks legitimate, but actually installs malware on your computer or steals your credentials.
And if you communicate regularly with friends on social media, a phisher could mine those public conversations, use the details to convincingly pose as your friend, then ask for your log-in information or other sensitive details.
What’s more, bad actors may be monitoring your feed for clues to your password — so make sure yours doesn’t include something easy to guess, like your dog’s name.
Your online activity can lead to crimes in the physical world
Unfortunately, criminals don’t stop at phishing attacks. Some use social media for reconnaissance before planning a crime in the physical world.
That’s why it’s wise to delay vacation posts until after you’ve returned home. When you’re posting in real-time about your two-week honeymoon abroad, you’re also sharing publicly that you’re not home, and won't be for some time. Burglars can log on to social networks too — and may see your extended trip as an invitation to stage a break-in.
The same idea also applies to daily life. Posting in real time could reveal your regular schedule or your location at any given time. Why not delay Instagram posts or location check-ins by a few hours or even a few days?
As an added bonus, you’ll have more time to make sure your posts aren’t revealing more than you intended — like that family photo taken on the front porch that happens to include your house number.
Be wary of fake accounts — and real ones that have been hijacked
When you’re communicating online, it’s not always easy to confirm that a person is who they say they are.
According to a Pew Research study, 49 percent of social media users say they use the networks to make new friends. But those online friends may actually be fraudsters looking to mine your personal information. One way to reduce this risk is to decline friend requests from people you don’t know in real life.
Still, even close friends and verified public accounts can be hacked. Additionally, any online request that involves sending payments or sharing personal information should be regarded with suspicion, even if it seems to come from a trusted brand, celebrity, or real friend or acquaintance.
Social media best practices
- Life in the digital age isn’t without danger — but that’s no reason not to enjoy the internet. When using social media, consider these guidelines:
- Decline friend requests from people you don’t know in real life
- Don’t post in real-time — wait a few hours, or even a few days, before sharing content that reveals your location
- Be thoughtful about sharing personal details online
- Be wary of requests for sensitive details or payment information, even if they seem to come from a close friend, celebrity, or major corporation
- Be cautious when clicking links from your social media feed; hover your mouse over shortened URLs to confirm the real destination
Social Media Scams Alert - Scams on Social Media
- Social media sites ask for, and often get, a large amount of personal information from users. Unfortunately, identity thieves may use that information to perpetuate scams, especially if you use personal information when creating security passwords.
If you have a public Facebook profile that gives your birth date and your parents' names and that kind of thing, they can provide the answers to security questions that your bank might have on its Web site. Even if your profile is private, identity thieves may find other ways to get your information.
Spammers, hackers, trying to sell products using fictitious profiles. Be careful about adding social networking "friends" you don't know in real life. And remember, just because a social media site asks for information doesn't mean you have to give it.
*** Never sending money to someone who asks for it over a social media service, there have been reports of scammers hijacking accounts and posing as friends.
Older Americans are increasingly active on social media, especially Facebook, which is used by nearly three-quarters of U.S. adults ages 50 to 64 and half of those age 65 and over, according to 2021 survey data from the Pew Research Center.
But be careful where you click: Fraud is prevalent on popular social networks like Facebook, Instagram and Twitter, and getting more so.
The Federal Trade Commission (FTC) received more than 95,000 complaints in 2021 about scams that originated with social media ads, posts or messages, a six-fold increase since 2019. Those incidents cost consumers some $770 million, accounting for a quarter of fraud losses reported to the FTC in 2021 and making social media the most profitable way for scammers to reach consumers, the agency said in a January 2022 report.
Many of these cons simply put a social media spin on older online frauds. Romance scams, fake stores and bogus investments (often involving cryptocurrency) are rife on social networks, according to the FTC. Your social feeds might also be full of fake corporate giveaways, nonexistent government grants, supposed sweepstakes winnings and ads for questionable health aids, intended to get you to send money or click on malware-loaded links.
Crooks are also customizing social media cons for the coronavirus pandemic. They post bogus ads for COVID-19 testing or treatment, or hack Facebook accounts and, disguised as your actual friends or relatives, send out private messages with purported links to urgent health information or pandemic "relief grants."
Forgery. Loan fraud. Counterfeiting consequences and penalties are harsh. Six bad money habits.
Signing Someone Else's Name on a Check - Signing someone else's name on a check is generally considered forgery and would be illegal in most states. But suppose an adult child signs an elderly parent's name because the parent is incapacitated or a parent signs a child's name because the child is away at college. Guess what? Those signatures are still forgeries, unless a power of attorney is in effect.
Using Someone Else's Identity to Obtain Credit - The use of someone else's name and identity to obtain credit is an obvious no-no.
Lying on a Home Loan Application - Homebuyers and homeowners who want to refinance may be tempted to inflate their income or hide some of their debts to better their chances of a "yes" from the lender. But lying on a loan application is fraud, and lenders do check up on applicants' information, according to Kaplan.
Writing 'Bad' Checks - Many banks offer overdraft protection that kicks in if you write a check for more than the balance of your account. But writing a check that you know is no good is illegal.
Copying U.S. Currency - Color printers, scanners and copiers make it surprisingly easy for just about anyone to replicate U.S. or foreign currency. But it is, in fact, illegal to print your own money and try to spend it to buy goods or services.
Defacing U.S. Currency - Accidental damage to currency normally isn't illegal, deliberate defacement is. Federal law prohibits any action that mutilates, cuts, defaces, perforates or glues together U.S. currency or otherwise renders bills unusable.