Thursday, 30 July 2015

THE INCREASING RATE OF SOCIAL MEDIA SCAMS




Social media is now the driving force of the ICT world. The young, the old and even the underage are caught up in its web. This force is so powerful that it is now overshadowing other electronic media, and to avoid being phased out, those other media outfits are now leveraging social media to keep up with the new trend. We are in a world where criminals follow the money and look for the latest and most advanced methods to increase their haul. All roads now lead to social media platforms. As these platforms have risen in popularity, scammers have taken note and taken advantage, and various forms of scams are now seen on them. People voluntarily and unconsciously share enticing videos, stories, pictures, and offers that actually include links to malicious and fraudulent sites. This attests to the fact that millions of people are using well-established social media and, of course, where there is a decaying animal there will certainly be maggots. Criminals will always go wherever there are people to be victimized.

In 2014, it was reported (2015 Internet Security Threat Report) that criminals hijacked the power of “social proof”, the idea that we attribute more value to something if it’s shared or approved by others. Criminals exploited this idea by hacking real accounts on platforms like Snapchat, so that when you saw an endorsement for a scam product or link, you’d trust it because it seemed to come from someone you actually knew, and you would manually share it, thereby helping the scammer do his job. According to the report, 70 percent of social media threats required users to propagate them, as compared with only 2 percent in 2013. Scammers also use “Like” and “comment” to propagate their scams: they post something and ask you to click a “continue” or “verification” button or link to access more enticing content, thereby increasing its popularity and reach. The public also undervalued their data, freely giving away email addresses and login credentials without checking whether the website was legitimate. While scammers certainly evolved their tactics and ventured onto new platforms in 2014, a lot of their success continued to come from people’s willingness to fall for predictable and easily avoided scams.

INSTAGRAM
Instagram, one of the fastest-growing social media platforms, is gaining popularity in the social media community, with more monthly active users than Twitter, and legitimate brands use it as a marketing channel for their businesses. As any social networking platform becomes popular, scammers are never far behind.

In 2014, scams on Instagram were those where criminals tried to monetize pre-populated accounts and mimic offers employed by legitimate corporate users. They create fake accounts, posing as lottery winners who are sharing their winnings with anyone who becomes a follower. Some pretend to be well-known brands giving away gift cards. Users are told to follow the fake accounts and add their personal information, like email addresses, in the comments to receive incentives. Unsuspecting victims often think nothing of giving away their details. Some users even go as far as sending $0.99 to the scammers to cover the return postage for the so-called offer, which they never see in the end. People don’t bother about it because the amount is so small, but they are giving away more details, and the scammers get an extra cash bonus as well as details they can use to exploit them. When the fake account has gained enough followers, the criminal changes the name, picture, and bio, so when people don’t receive the incentive, they can’t locate the account to mark it as spam. The criminal then sells the fake account with all its followers to the highest bidder, and afterward a new account springs up in the guise of the original fake account, claiming the old account was hacked, and the process starts all over again. Scams spread like wildfire on Instagram: once a user falls prey to a scam, the friends and followers of that user who follow the stream see the post and often fall victim to it as well. The inability of Instagram to carry out verification checks for legitimate accounts has made such scams prevalent.

People should be very careful when using any social media network, and be wary of free offers for gifts or cards, or invitations from attractive women to join adult dating and webcam sites. If you are asked to fill out a survey or sign up for a service using a credit card, you are most likely being scammed. As the old adage goes, if it sounds too good to be true, it probably is. When you receive a message requesting financial assistance from friends or family members via social media or email, check very carefully before responding, and if possible contact the person by phone to ascertain that it is genuine. It’s probably coming from a scammer who might have hacked the account.

Thursday, 9 July 2015

EMERGING TREND IN HACKING AND SOCIAL ENGINEERING

As we approach the nitty-gritty of the digital age, technology has grown and is still growing rapidly, and cyber criminals are keeping up with the emerging trend. With the invention of smartphones, tablets, iPads, iPods and potentially many billions of Internet-connected devices of all kinds, Internet security is now shifting from the desktop, laptop and the data center to the home, the pocket, the purse, and, most importantly, the infrastructure of the Internet itself. People now rely more on mobile devices, so more spam, scams, and threats are tailored to these devices.

Email has been the major attack vector for scammers, but in keeping up with the emerging trend, they are now leveraging social media platforms and mobile Apps to carry out their filthy activities. This is very lucrative for these scammers, as users of social media platforms are more likely to click and share something posted by a friend, thus spreading it rapidly. Many people have the mindset that cyber threats occur only on desktop and laptop computers, and ignorantly neglect basic security precautions on their mobile Apps and smartphones. In a study conducted by Symantec in 2014, it was observed that 70% of social media scams were manually shared. The study also found that 17% and 36% of all Android Apps and mobile Apps were actually malware and grayware (non-malicious software designed to track users’ location and behavior) in disguise. This is unconnected with the high level of Internet security ignorance among users of social media. In a Norton survey, it was reported that users did not know what they agreed to give access to on their phone when downloading an application, and 68% are willing to give up their privacy for nothing more than a free App.


MOBILE MALWARE
Mobile malware is malicious software targeted at mobile devices. It is on the increase, yet mobile users don’t recognize this fact, and its growth is now targeted at users’ money. Cyber criminals now write mobile malware to capture users’ bank details; it is capable of intercepting text messages carrying authentication codes from the user’s bank, which are then used for fraud. They also create Apps that imitate the bank’s mobile App and use them to trick users into giving up their account details.

Most App users think they understand what they are agreeing to when downloading Apps, when in fact they have little understanding of App permission practices and how Apps operate. Not only can mobile Apps access a user’s sensitive information, but the phone can also be used to invade the user’s privacy. The App collects sensitive data, including the user’s physical location, and sends it to the App developers. It is highly advisable to read and understand the App’s terms of use and privacy policy before agreeing to download it. Most users are aware of these threats, yet are still willing to allow Apps access to their personal information.
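
One way to see what an App is really asking for is to list the permissions in its manifest and flag the combinations described above. The following is an added example, not part of the original post: the rule list is this editor's own assumption rather than an official one, the sample manifest is constructed, and it assumes the App's AndroidManifest.xml has already been decoded to plain-text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Editor-chosen rules (an assumption, not an official list): each finding is
# raised only when ALL permissions in its set are requested by the App.
RULES = {
    "can read incoming SMS (bank authentication codes) and send them off the device":
        {P + "RECEIVE_SMS", P + "INTERNET"},
    "can read the SMS inbox and send it off the device":
        {P + "READ_SMS", P + "INTERNET"},
    "can send the user's precise location to a remote server":
        {P + "ACCESS_FINE_LOCATION", P + "INTERNET"},
    "can upload the contact list to a remote server":
        {P + "READ_CONTACTS", P + "INTERNET"},
}

def requested_permissions(manifest_xml: str) -> set:
    """Return every permission named in a <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name")
            for el in root.iter("uses-permission")
            if el.get(ANDROID_NS + "name")}

def audit(manifest_xml: str) -> list:
    """Return the sorted findings whose permission sets are fully requested."""
    requested = requested_permissions(manifest_xml)
    return sorted(f for f, needed in RULES.items() if needed <= requested)

# Constructed sample: a "flashlight" App that asks for far more than a
# flashlight needs. The package name is hypothetical.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_MANIFEST):
        print("WARNING: this App", finding)
```

A finding does not prove the App is malware; it marks a request that should be explained by what the App claims to do.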


SMS THREAT TO MOBILE DEVICES
SMS (Short Message Service) and other mobile messaging services are readily used to deliver all kinds of fraudulent campaigns. Apparently, SMS is one of the most dangerous attack vectors.

SMS has been an infection and propagation vector for malware such as Trojans and worms, which use malicious apps to infect victims and, especially, the people in their contact lists. These short messages look real but may include links to malicious websites or apps. Examples are messages like “Hi buddy, check out this amazing free music download http://scammers.gov.net.org” or “Get a free money making ebook here http://scammers.gov.net.org”.

Dating Apps and social media sites are the main media scammers use to lure unsuspecting victims. They initially targeted users of mobile dating Apps and later moved to SMS. The way these scammers carry out their nefarious activities is not far different from how it has been done over email, but the new mobile platform has made it easier for them, because they are using a relatively trusted medium.

Every Tom, Dick and Harry should pay attention to each communication on social media and other platforms, and be aware that cyber criminals are constantly devising and improving their fraudulent activities.

Thursday, 2 July 2015

DANGERS IN SOCIAL MEDIA

Social engineering, or social hacking, is the act of manipulating people into breaking normal security rules through social interactions in person, over the phone, or in writing. It has become the greatest threat faced by many, including organizations. Social engineers know that humans are a weak link in cyber security. They design their plans to look legitimate and appear harmless so as to trick people into letting them past security walls. Being a victim of these hackers can be damaging and frustrating.

Posting on Social Media Sites
Posting updates and other information on social media sites is aimed at enlightening, educating and informing the social network community, but care must be taken over the kind of information you post. Once information is posted to social media, it is no longer private. The more updates you post, the more vulnerable you may become. Even if you have thoroughly configured the security settings on your account, friends or websites may inadvertently leak your information. The more information you share about yourself, your family, friends and business associates, the more likely it is that someone could impersonate you and use your account for nefarious activities. You must be conscious of the fact that hackers and scammers troll social media sites like a roaring lion looking for information or people to target and devour. Let me share the confession of a fraudster known as the “king of 419”. According to him, he started by procuring foreign SIM cards from the UK and USA so as to deceive potential victims, and specifically targeted wealthy foreign ladies in North America.

“I had pictures and pre-recorded videos of a white man. There is software which will replay these videos on Skype. So, if I am Skyping with you, you will not see my present self – you would see this video on a webcam. I had about 20 different videos with the same white man and I had created stories behind each clip. When I showed my victims, they all believed it was real.”

According to him, Facebook is the easiest medium for luring prospective victims, and he used the same profile he had in the doctored video.

“Sometimes I would ask them to help me look for a property agent to buy a house. I would tell them I am ready to pay for the house as soon as I come. I would send them a fake e-ticket and tell them I would be arriving in two weeks. I even had a pre-recorded video of a 12-year-old girl who I pretended was my daughter. I had this assistant who would help me in speaking like a small girl. There is no way you would see that video on Skype and not believe it is real. They buy into it immediately. That was how I was able to draw them to get money from them. To make it look real, I would send them gifts – rings, champagne, credit cards to shop. We would have ‘phone sex’ to draw their attention even more – that is how they believed. Sometimes, I could be talking to 10 different women simultaneously and I never forgot their names. Once the naïve trust is established, I would tell them to contact my bank. Once they give me their details, I would make a fake wire transfer. They would see the money moving into their account. When it stops, I would tell them that they have to contact the bank and pay the ‘cost of transfer’. I could make $30,000, $80,000 – even $250,000 on a single victim. I was living in very luxurious and expensive hotels. I preferred people who were educated – people that would say, ‘It is not possible for me to be scammed’. I attacked lawyers through Yellow Pages in USA. I would tell the lawyer that someone owes me money from Michigan and the person is living in Alaska. The person the lawyer would contact in Alaska would be me also. Once he talked to this ‘person’, I would say, ‘I really owe him money and I want to pay back $300,000’. I would send the lawyer a cheque and once I sent it, they would not find out from the bank if the cheque was real; they would just deposit it.”

To the glory of God, he was arrested by the Holy Spirit and turned to a new life.

Be very careful about the conversations you have on social media. Social engineers may use conversation to extract information from you without you feeling that you are being interrogated.

Be on the alert when on the computer
Hackers may give you a USB drive or other electronic media preloaded with malware, without your knowledge, in the hope that you will use the device on your computer. Do not use any electronic storage device unless you know it is safe and legitimate, and scan every device before using it on your computer. Always type a website address rather than clicking on a link. Hackers sometimes mimic legitimate web addresses in the hope of extracting private data from you. When you see a deal or offer that sounds too good to be true, look carefully: it is most likely a scam. Hackers use popular events and news stories as bait to get people to open infected email, visit infected websites, or donate to a fake charity organization.