In February I wrote a blog titled “Sidestep Social Media Scams in 2022.” In it, I highlighted social media scams involving cryptocurrency, email phishing, and clickbait. Two weeks ago, RB’s Computer Service foiled a hack attempt involving both email phishing and clickbait. Email phishing and clickbait scams are increasingly coming from people you think you can trust, like “Friends” or “Followers” on your personal or business Facebook page. According to a recent Federal Trade Commission report, 30% of social media scams involve email phishing and clickbait (Investopedia, Jim Probasco, Huge Surge in 2021 Social Media Scams, Says FTC, January 27, 2022, https://www.investopedia.com/social-media-scams-surging-5217274). As a result, I felt it was important to circle back to the topic of social media scams in this blog. But, before I dive into the hack attempt RB’s Computer Service foiled and what you can look for to avoid the same thing, let’s first do a refresher on what email phishing and clickbait are. And remember, if you get locked out of your computer, need malware removed, or need help with cyber security, don’t hesitate to contact RB’s Computer Service via phone or email: 763-441-3884, email@example.com.
What is Email Phishing and Clickbait?
Phishing is when attackers send malicious emails designed to trick people into falling for a scam. The intent is often to get users to reveal financial information, system credentials, or other sensitive data. Often a phishing email will encourage you to click on a link, then log in to an account of some type so the attacker can capture your login credentials. Lastly, the phishing emailer will likely change the password and lock you out. Clickbait, on the other hand, could be a Facebook meme, an ad, picture, website landing page, or video. Clickbait headlines/subjects/images often appeal to your emotions and curiosity. Once you click to “Learn More,” malicious code is released or a call to action, such as “Log in Now,” tempts you to reveal some type of private information.
How RB’s Computer Service Foiled a Phishing and Clickbait Attempt.
On May 24th I received a phishing email from someone posing as Facebook. At first glance it looked legit and stated Facebook received a “report from a third party that the content you posted infringes or otherwise violates their rights… your page has been set up in the deletion process and it requires immediate attention…. If you believe these reports are inaccurate, please click the link below:
https://www.facebook.com/105231807797303.” RB’s Computer Service has a lot of “Followers” on Facebook and lots of content gets shared to our page, but we ONLY use original or royalty-free content. Nevertheless, I was very concerned. Before I clicked the link, I remembered Facebook doesn’t communicate this way. They send “Notifications” directly to my Facebook when something needs my attention. Then I glanced at the email address. The phishing email was from firstname.lastname@example.org. This is not a Facebook email. Furthermore, investigating a little further, this phishing email had punctuation errors, and then I was convinced it was a scam. I didn’t click the link either. But, if I had, I’m sure I would have been asked to log in to my Facebook account so the Facebook poser could capture my login credentials. Ultimately, I reported the phishing email to Outlook and Facebook, then deleted it. Please see the screenshot below to see what to look for to avoid this type of scam.
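The sender check described above can be automated. The following is an added example, not part of the original post: it flags a message that names a brand while its From address sits outside that brand's domains, and shows that a link-host check alone would not have caught this email because the link points at facebook.com. The domain list, function names, and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains treated as belonging to the brand; maintain your own list.
BRAND_DOMAINS = {"facebook": {"facebook.com", "facebookmail.com"}}

# Constructed sample modelled on the email described above (placeholder addresses).
SAMPLE = """\
From: Facebook <firstname.lastname@example.org>
To: owner@example.com
Subject: Your page has been set up in the deletion process

If you believe these reports are inaccurate, please click the link below:
https://www.facebook.com/105231807797303
"""

def _in_domains(host, domains):
    """True if host equals, or is a subdomain of, one of the allowed domains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def check_brand_email(raw, brand="facebook"):
    """Compare the brand a message claims to be from with where it really came from."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    allowed = BRAND_DOMAINS[brand]
    body = msg.get_payload()  # single-part text message: payload is a str
    text = f"{display} {msg.get('Subject', '')} {body}".lower()
    claims_brand = brand in text
    # Links whose host is NOT on the brand's domains.
    links = re.findall(r"https?://[^\s\"'<>]+", body)
    offbrand = [u for u in links
                if not _in_domains(urlparse(u).hostname or "", allowed)]
    return {
        "claims_brand": claims_brand,
        "sender_domain": sender_domain,
        "sender_mismatch": claims_brand and not _in_domains(sender_domain, allowed),
        "offbrand_links": offbrand,
    }

if __name__ == "__main__":
    print(check_brand_email(SAMPLE))
```

The From header can be forged, so a matching sender domain does not prove a message is genuine; a mismatch, as here, is a strong sign that it is not.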
What do Hackers Want with your Facebook Account?
Facebook accounts mostly contain your real name, email address, birth date, relationship status, and physical address. In addition to storing all your private messages, photos, and feed posts, Facebook is also used to log in to other websites. If a hacker manages to take over your Facebook account, they may have access to some of your other accounts around the web. The same goes for Instagram, which is also owned by Meta.
Criminals need all your personally identifiable information (PII) to commit identity fraud. Then they can sell your account information. According to a report from Privacy Affairs, “the cost of a Facebook account on the dark web is $45. An Instagram account goes for $40” (Kim Key, PC Mag, Are They Your Real Friends? Watch Out for This Social Media Scam, May 17th, 2022, https://www.pcmag.com/how-to/how-to-avoid-social-media-scams).
Don’t take the “bait.” Be suspicious of emails, Facebook memes, and Facebook Instant Messenger texts from Facebook friends or trusted sources that encourage you to click into or act on something that seems shocking, scandalous, or too good to be true. If you can’t determine if an email is legit or not, contact the person or organization that sent it BEFORE you click. Some other social media scams include impersonation scams, quizzes and polls, sweepstakes and lottery scams, and work-at-home and other money-making schemes. In addition to helping protect your computer network from social media scams, RB’s Computer Service offers ransomware protection strategies, managed IT services, and malware removal. If you need help protecting your computer network from social media scams, setting up a ransomware strategy, or malware removal, contact us today via phone or email: 763-441-3884, email@example.com.