Social networking sites such as Facebook and Twitter are breeding grounds for phishing, clickjacking and social engineering attacks. Here are nine tips for spotting a scam, plus advice for what to do if you fall victim.

Social networking sites such as Facebook and Twitter are breeding grounds for phishing, clickjacking and social engineering attacks, which, security experts say, are on the rise.

“These criminals are paid to gather email addresses and [to generate] online advertising clickthroughs,” says Dhugael McLean, chief security scientist at Support.com. “Social media scams are getting more and more advanced in how they try to trick you,” he says.

Here’s a look at how you can spot a social media scam, plus tips for what to do if you fall victim.

Be Suspicious of Everything

Whether you’re using Facebook, LinkedIn or Twitter, McLean says you need to adopt a new mindset: be suspicious of everything and “surf the Internet defensively.”

“You need to treat everything that people post with some level of suspicion,” McLean says. “Because there’s a lot of bad stuff on social media sites, you need to be fundamentally distrustful of what you’re seeing on the screen at all times.”

Does the Message Provoke?

Whether it’s a Facebook post or a direct message via Twitter, McLean suggests you pay careful attention to the structure of the message: If the message is provoking an emotional response, don’t click.

“If it’s saying something like, ‘Hey is this really a picture of you?’ or ‘See who has unfriended you!’ that’s what you should zero-in on,” McLean says. “And always be wary if they’re offering something for free.”

Know Key Phrases Used in Scams

While the content of social media scams is always changing, McLean says, there are some key phrases you should know.
Watch out for sentences that begin with “Did you know…?” and “Can you believe…?” These phrases, like the messages that provoke, entice you to click when you probably shouldn’t.

Hover Over Hyperlinks

Hyperlinks can look like they’re taking you one place, but redirect you to another unless you verify the destination, McLean says.

If you encounter a link to a video posted on Facebook or receive a message with hyperlinked text, mouse over it to view the real URL, which will appear at the bottom of your browser.

Shortened URLs, which are most commonly found on Twitter, aren’t as easy to discern. For these, try using a URL expander, such as URLex.org before you click.

Know Where You Are on the Web

If you clicked a suspicious link, what do you do next? McLean says the first step is to verify the Web address.

“If a link sends you to another Webpage and away from Facebook, you’re no longer within that security shell,” McLean says. And while the site you’re sent to may look like Facebook or Twitter, it very well might not be.

“It sounds like one of the simplest things, but double-check that you recognize the Web address, and that it’s nothing other than www.facebook.com or www.twitter.com,” McLean says. “If you’re not aware of where you are, it’s like driving around with your eyes closed—you’re probably going to hurt yourself.”

Never Enter Your Password

Ninety-nine percent of social media scams want you to enter your username and password, McLean says. If you click a link that sends you to a page that prompts you for your password, don’t enter it, he says.

“Just close the browser, and there’s likely no harm done,” McLean says.

You Entered Your Password, Now What?

You clicked a link and entered your password on an illegitimate site, so now what? Immediately change your account’s password, McLean says.
One suggestion for developing a good password: Use the color of your first bike and the name of your first pet, plus the last two digits of the year you were born, McLean says.

If you use the compromised password for other sites, be sure you change those, too. “Criminals know to try that password on other sites, and you don’t want more accounts hacked,” he says.

Use a Secure Browser

Ensuring your browser is up-to-date is imperative, McLean says, as is steering clear of old Web browser technology.

“Because Internet Explorer is the most popular browser, it’s the one that’s most open to attacks and vulnerabilities,” he says. McLean also warns against Firefox because of how its plugin engine works, favoring Google Chrome as the most-secure browser.

Use Online Resources

There are a number of Websites to help you verify whether a post on social media is a hoax or a scam: Snopes is a resource that tracks internet scams, rumors and misinformation, and is the first place you should check if you have doubts about something you see, McLean says.

McLean also suggests ScamTrends.com and FBI.gov as additional resources to consult.
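
The checks described under “Hover Over Hyperlinks” and “Know Where You Are on the Web” can be done mechanically. The JavaScript below is an added example, not part of the original article: it parses a link the way a browser does and flags any destination that is not exactly www.facebook.com or www.twitter.com. The function names and finding labels are assumptions made for illustration.

```javascript
// Added example. The two trusted hosts come from the article's advice;
// function names and finding labels are hypothetical.
const TRUSTED_HOSTS = new Set(["www.facebook.com", "www.twitter.com"]);

// Parse the way a browser does; return the URL object, or null if it is
// unparsable or not an http(s) link.
function parseWebUrl(href) {
  try {
    const u = new URL(href);
    return u.protocol === "https:" || u.protocol === "http:" ? u : null;
  } catch {
    return null;
  }
}

// If the visible link text itself looks like a host or URL, return that host.
function hostShownInText(text) {
  const t = text.trim();
  if (!/^(https?:\/\/)?[\w-]+(\.[\w-]+)+(\/\S*)?$/i.test(t)) return null;
  const u = parseWebUrl(/^https?:\/\//i.test(t) ? t : "https://" + t);
  return u ? u.hostname : null;
}

// Compare what a link claims with where it really goes.
function checkLink(visibleText, href) {
  const u = parseWebUrl(href);
  if (!u) return { host: null, trusted: false, findings: ["not-a-web-url"] };
  const host = u.hostname; // lowercased; excludes any user:pass@ prefix
  const trusted = TRUSTED_HOSTS.has(host); // exact match only, no suffix logic
  const findings = [];
  // "https://www.twitter.com@other.host/" connects to other.host
  if (u.username || u.password) findings.push("userinfo-before-host");
  // Non-ASCII look-alike letters show up as xn-- labels after parsing
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    findings.push("punycode-label");
  }
  // A trusted name buried inside a different host, e.g. as a subdomain
  const bare = [...TRUSTED_HOSTS].map((t) => t.replace(/^www\./, ""));
  if (!trusted && bare.some((name) => host.includes(name))) {
    findings.push("trusted-name-embedded");
  }
  // Link text that names one host while the href goes to another
  const shown = hostShownInText(visibleText);
  if (shown && shown !== host) findings.push("text-host-mismatch");
  return { host, trusted, findings };
}
```

Only an exact hostname match counts as trusted; every finding is a reason to close the page rather than enter a password.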