Aug 20

How to Recognize Social Phishing Attacks

What is social phishing?

Microsoft describes it as a type of malicious online identity theft.  According to Andrew Geiger of RiskIQ, social media phishing has jumped to 20% of the top-ten most phished brands: https://www.riskiq.com/blog/external-threat-management/q4-2017-phishing-roundup/

The hackers/phishers want you to provide them with access to your confidential information.

Social phishing is often seen on Facebook and luckily it normally has a very simple solution.  You simply need to change your password to one of those long ugly ones.  When changing your password it is best to follow the same requirements as your bank.

A strong password has:
1. at least 11 – 15 characters
2. uppercase letters
3. lowercase letters
4. numbers
5. symbols, such as ` ! " ? $ % ^ & * ( ) _ - + = { [ } ] : ; @ ' ~ # | \ < , > . /

Here are some of the sneaky tricks the hacksters use:

1) Fake Websites

If in doubt, check the URL in the box at the top of your screen:
http://12.34.56.78/bestshoppingsite.com/account-update/

Take a look at the website link above. Normally, when you go to your best shopping site, you will not see those numbers at the very beginning; you would see only Amazon, eBay, Nordstrom, etc.  This is a very big clue that something isn’t right.  Whenever you get that feeling that something isn’t right, take a peek at the website link and make sure it looks right.

Some, however, are not that obvious. It could be a .co instead of a .com.

There could be other words added to the website link: http://YOURbestshoppingsite.com/account-update/

It could even be http://best.shopping.site.com

Each and every time something is added to the URL, even if it is just a period, it becomes a different address.  This is something you need to look out for.
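The four URL tricks above can be checked mechanically. The following is an added example, not part of the original post: the function name `check_link` and its warning codes are made up for illustration, and `bestshoppingsite.com` is the placeholder site used in the links above.

```python
import ipaddress
from urllib.parse import urlsplit

def check_link(url, expected="bestshoppingsite.com"):
    """Compare the host in `url` with the site you meant to visit.

    Returns a list of warning codes; an empty list means the host is the
    expected site or one of its own subdomains (www., accounts., ...).
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")   # hostname is already lowercased
    expected = expected.lower()
    if host == expected or host.endswith("." + expected):
        return []
    brand, tld = expected.rsplit(".", 1)
    labels = host.split(".")
    warnings = []
    try:
        ipaddress.ip_address(host)
        warnings.append("numeric-host")          # numbers where the name should be
    except ValueError:
        if host.replace(".", "") == expected.replace(".", ""):
            warnings.append("extra-dots")        # best.shopping.site.com
        elif labels[:-1] == brand.split(".") and labels[-1] != tld:
            warnings.append("different-ending")  # .co instead of .com
        elif brand in host:
            warnings.append("extra-words")       # YOURbestshoppingsite.com
    if expected in parts.path.lower():
        warnings.append("name-in-path")          # real name only appears after the "/"
    return warnings or ["different-site"]

if __name__ == "__main__":
    # Links from the text above, plus two constructed ones (the .co and www. lines).
    for link in [
        "http://12.34.56.78/bestshoppingsite.com/account-update/",
        "http://bestshoppingsite.co/account-update/",
        "http://YOURbestshoppingsite.com/account-update/",
        "http://best.shopping.site.com",
        "https://www.bestshoppingsite.com/account-update/",
    ]:
        print(link, "->", check_link(link) or "matches the expected site")
```

The comparison looks only at the host, the part between `//` and the first `/`, because anything after that first slash can say whatever the sender likes.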

2) Harvesting Information

You find something interesting in your newsfeed and click the link, but lo and behold, it takes you somewhere you didn’t expect to go.  In fact, where you ended up is asking you to enter your email address.  Example: you want to look at a resource mentioned in a blog post, but when you click on it, it takes you to a link-shortening site (this is what just happened to me).  You will be surprised how many people actually enter their name and email address.

3) Fake accounts

This has become very prevalent on Twitter.  Scammers are creating Twitter accounts that look like customer service accounts.  They want you to enter information regarding your account so they can gain access.  Remember most companies will NOT want you to enter any account information in an unsecured environment.

I receive Facebook friend requests daily from “older gentlemen”.  I do look at some of the requests, but only if they are already a friend to some of my friends.  Many of these accounts are fake and if you do become friends sooner or later they will attempt to get money from you.

4) Cash grabs

This is usually in the form of an email which contains explicit or suggestive text, implying that someone is watching you through your web camera and will publish embarrassing footage taken of you unless you pay them. They are usually poorly written with many spelling and grammatical errors—this is typical of phishing emails. These malicious emails are not directed at anyone personally; they are sent in bulk in the hope that some will reply or comply with the demand for payment.

5) Hidden charges

Clickbait: “(on the Internet) content whose main purpose is to attract attention and encourage visitors to click on a link to a particular web page.”

There are many reasons for using clickbait; the dangerous ones have hidden charges.  For example, you find an ad on Facebook that intrigues you, and you click.  Unfortunately, even though click-baiting is very annoying, it works. Once you have clicked, you discover a free offer, BUT you have to pay shipping charges.  You still believe this is a good deal, so you go ahead.  If you are not SUPER careful, you just may have signed up for a monthly program at the highly inflated regular price.

How do you stop yourself from falling for these ones?  The answer is to be careful.  Your first line of defense is awareness, and now that you have read this information you are definitely aware.  Second is to review the web page(s) in detail; definitely look hard for a little box that may already have the tick mark (or vice versa).  When you are aware you’re about to go down the clickbait trail, it’s much easier to keep an eye out for the deceptive practices.

I know of one man who purchased vitamins from a “free trial” offer and the company ended up charging his credit card over $200.  He reported them to his credit card company and the charges were reversed, but it was still a fair amount of work on his part!

6) Hidden URLs

Link shorteners are everywhere! They are used for a number of reasons, such as shortening a long ugly link, tracking how many times the link was clicked, providing users with useful features, promoting sharing and even covering up an affiliate link so that scammers won’t steal commissions.

How can you tell if the URL is safe?  Use this website to check it first before you click.
http://linkpeelr.appspot.com/

I personally use a program called WebRoot; it was recommended to me by the gentleman who takes care of my computer hardware.  For $45.00 per year for 3 devices it is well worth it.  If and when you get hacked, finding someone who is willing and able to fix your computer without charging an arm and a leg is challenging; better to protect yourself right from the start.
