|
Use strong and unique passwords on all your social media accounts and enable Multi-Factor Authentication (MFA) as an added layer of protection. If you have several passwords to keep track of, consider using a password manager to help keep your accounts secure. If you use the same password for multiple sites and your password is stolen, a scammer can potentially gain access to all the accounts where that password was used.
Shortened URLs and QR codes are a common tactic used by scammers to conceal where malicious links lead, since many social media sites have a character limit. A simple scam involves an email with links or QR Codes that are allegedly to posts you have been tagged in. The links will use a URL shortening service or QR Code to hide the true link destination - a malicious site that can infect your device.
To avoid this, do not click on shortened links in emails and social media messages you receive. Instead, copy and paste the shortened URL into a URL expander to see where you are really going and then choose to click or not. For QR Codes, pay close attention to the web site you are being directed to and look closely for signs that it may not be legitimate.
Additionally, never enter your login credentials in a website that you linked to from a social media post, message, or email. Scam websites that look like the real thing are often used to steal passwords and compromise accounts.
Fake coupons are another tactic scammers use commonly on social media platforms. The scammers create a fake coupon requiring you to click a link to download it and put the coupon on a malicious website that can infect your device with malware. Treat these with the same skepticism as other suspicious emails and messages.
Click baiting is another way a scammer can get your information or install malware on your computer. Click baiting is when there is a “teaser” to get you to click on the link.
For instance, it might suggest a really interesting story (“you won’t believe what happened next…”), challenge you (“I bet you can’t…),” or promise a “giveaway” or “sweepstakes.” With the sweepstakes and giveaways, the scammer creates a fake website giving away a product. They then post the link on social media, directing users to the website to take part in the giveaway. Once there, you may be prompted to enter information, thus exposing your personal data. The website may alternatively attempt to download malware onto your device.
One way to identify and avoid this type of scam is to look for spelling errors. Another way is to check and see if the website is affiliated with the company purportedly offering the giveaway. Additionally, ask yourself, is the prize too good to be true? Scammers frequently make the prize seemingly larger-than-life to attract as many people as possible.
When using social media, avoid accepting friend requests from people you do not know. If accepted, the scammers can use this to gain access to your personal information with the goal of stealing your identity. If you receive a direct message from someone that you do not trust, delete it.
Finally, consider following the guidelines below on what information you should NOT share on social media:
-
Your date of birth – this is a piece of personally identifiable information that criminals can use in committing identity theft.
-
Your address and phone number – these are privileged pieces of information that you do not need to share on your profile to enjoy social media.
-
Answers to common “security questions” – if you proudly post pictures of your first new car, your high school sports memorabilia, etc., you are posting the answers to the security questions that are commonly used to validate who you are when accessing sensitive accounts or resetting passwords.
-
Location-based check in – these “check-ins” let everyone see that you are not at home and can make you a target.
|
