As adoption and usage continues to increase worldwide, few cyber threats are as pervasive as social media scams. According to the Federal Trade Commission (FTC), in 2021, consumers reported losing about $770 million to fraud initiated on social media, with Facebook and Instagram being the primary platforms.
Facebook messenger scams, Instagram scams, and Twitter scams are all tools that fraudsters will use to try and manipulate unsuspecting users into handing over money or personal information.
Social media is a prime target for attackers because they know that, if they can take over an account or create a fake profile, they can manipulate an entire network of friends and other users. Prepetrators can even create fake ads to lure in unsuspecting victims.
This article will examine some of the top social media scams you’re most likely to encounter, what users can do to protect themselves, and how security leaders can help educate employees about social media fraud.
The State of Social Media Scams in 2022
For most people, social media is a place to connect with friends and communicate, but for cyber criminals, it’s a goldmine of personal information and potential scams.
Research shows that the number of social media attacks per target increased 103% from January 2021, highlighting that threat actors routinely use social media to commit fraud, impersonate trusted brands and executives, and target users from across the globe.
These attacks are common because they rely on the human error—whether that means a victim making the mistake of clicking on a malicious link in their private messages or a post or handing over information that a scalper can use to commit identity theft.
For example, all a Facebook scammer needs to spread malware is to pose as an individual’s friend and trick them into downloading malware via the Messenger app.
5 Types of Social Media Scams You Need to Know About
While there are hundreds of different unique scams you can run into on social media, there are a handful of social media scams you should be aware of:
1. Crypto investment scams
One of the most popular types of social media scams is where a criminal will attempt to trick users into buying cryptocurrency. Attackers will encourage them to buy worthless crypto coins and then disappear.
2. Romance scams
In these types of scams, a fraudster will send the victim a friend request and initiate a conservation with them. Once they’ve built rapport, they’ll then ask for money.
3. Non-existent goods scams
Fraudsters will often market fake goods on social media, encouraging users to place an order before failing to send the products and ghosting them completely.
4. Prize pool and giveaway scams
Sometimes criminals will advertise free item giveaways or raffles, encouraging users to like or comment on their posts to win a product. This tactic enables them to farm likes, so they can add a malware link to the post to infect other users’ devices.
5. Social media scraping
Cyber criminals often combine social media to try and gather personal information about potential targets, such as names, dates of birth, personal photos, and location, which they can use to commit identity theft in the future.
How to protect yourself from social media scams: Tips for users
While modern scams are becoming increasingly advanced, users can take some simple steps to protect themselves from being caught off guard. These include:
1. Restrict who can see your posts
Limiting who can see your posts on Facebook reduces the likelihood of a cybercriminal conducting “reconnaissance” on you. Doing this will prevent them from reaching out to you with a scam or fake offer.
2. Opt-out of targeted advertising
Opting out of targeted advertising is a great way to avoid being targeted by a fake ad campaign that tries to trick you into buying fake goods or visiting a phishing site.
3. Block anyone that requests money or personal info
If a user, even if they appear to be someone you know, reaches out to you and starts requesting money or personal information, block them, as this is likely to be a scammer.
4. Complete security awareness training
If your organization offers security awareness training, engage with the learning materials and phishing simulations, so you can learn how to spot the types of manipulation techniques that cyber criminals use online.
How security leaders can support users in detecting social media scams
On the other side of the coin, there are some simple actions that security leaders can take to support users so that they don’t fall victim to scammers. These include:
1. Educate employees about social media scams
Regularly educate your employees about social media scams and other threats like phishing (via phishing simulation tools) to ensure they’re equipped to spot manipulators online.
2. Deploy security awareness training
Use security awareness training to keep employees’ social media threats and scams top of mind. Augment this by creating internal cyber security heroes committed to keeping your organization cyber secure.
3. Release regular campaigns
Provide ongoing communication campaigns about cyber security and social media scams. These campaigns can include guidance on changing privacy settings and opt-out of targeted ads.
4. Update all infrastructure
Encourage employees to keep all applications, operating systems, network tools, and software up-to-date and secure. This process includes installing malware protection to offer protection from malicious attachments.
5. Embrace cultural change
Incorporate cybersecurity awareness campaigns, training, and support into your corporate culture to encourage security-conscious behaviors among employees.
Social media scams may be prevalent, but if your employees have been educated on the latest security best practices, they can avoid the likelihood of handing over personal information or money to dishonest individuals.
Want to find out how you can create effective security awareness training materials?
Reserve your timeslot for a fun, exciting solution walkthrough. It’s like speed dating, only without any disappointment or gong noises.