You can’t be sure who can see what you post online, so take care.
As Victoria checked her Instagram account, she saw a message from a friend. He had entered a photography competition and wanted her to click a link to vote for his entry. She says it looked fine, “there were zero red flags”, the friend was a regular online contact, and she knew he was a keen photographer. Because Victoria works in marketing and knows how online promotions work, this felt familiar, normal and safe.
Unfortunately, it wasn’t safe. The link led to an authentic-looking login page which asked for Victoria’s Instagram credentials. Soon after she logged in, it was clear the page was fake, and scammers now had control of not only her Instagram account, but also her linked Facebook account, and had locked Victoria out.
This was only the start of the trouble. The scammers impersonated Victoria, worked through her contact list sending the same competition entry message to all her friends. They then used her Instagram name and password, in a thankfully failed attempt, to access her email account and other online services.
Victoria spent several hours trying to regain control of her account, then warning her contacts who had been drawn into the scam. Along the way it became clear the scammers had been looking for information like bank account details, phone numbers, and anything else that could give them leverage elsewhere.
The event hammered home that even savvy users can fall victim to sophisticated social media scams.
ASB Fraud Expert Alex Hinde says social media scams like this are increasing: “Our collaboration with other industries, such as telecommunication companies, is making scam prevention more effective. This means scammers are moving on from their traditional areas such as SMS based phishing into other channels where we have less ability to track them and shut them down. We’d like to see the social media providers do more, but for now we’re warning people to take more care.”
There are scams right across the social media spectrum, but Hinde says the hot area right now is in the marketplaces. “This is where you post something for sale online, then someone who seems to be looking to buy contacts you to ask if they can get the courier to pay for it. Then they send a dodgy link for you to log in to a courier service and they use that to gather your details. It’s a form of phishing”.
Common social media scams that fall under people’s radar include romance scams targeting people looking online for company and investment scams. Both use social media to build trust. Investment scammers often infiltrate closed groups of like-minded individuals, such as hobby-focused online communities. They patiently create relationships, appearing to be helpful, knowledgeable contributors to the group before they start sharing information about the stock market and give advice about shares, cryptocurrency or other investments. They might even offer online courses. What they are looking for are ways to exploit trust or a lack of knowledge before they take action.
Hinde warns that many people have become desensitised to sharing personal information online and that creates opportunities for scammers. He says you can run into problems sharing location updates, family photos or other personal information. “One problem we’ve seen is that when someone buys a new house, they take a selfie standing in front of it. With that information, scammers can easily find your home’s address on real estate websites. They now know where you live.”
Even if you show photos of your children opening Christmas presents, scammers can learn something about you. The more data they have, the better the profile they have of you and that means they have a better chance of finding ways to get past your defences”.
To deal with this, you need to become much more cautious about what you share on social media. Hinde says there is a false sense of trust; social media can feel like a safe place, but it isn’t. He says restricting who can see your information is a good first step. If you want to share photos of your children with relatives who live overseas, share them through private channels or use social media tools to limit access.
A good next step would be to review your social media contacts. “This could be as simple as working through the list and removing people that you haven’t seen or spoken to in a long time. There could be people you don’t recognise or who are unfamiliar. Ask yourself if you need to share information with these people. Consider creating closed groups of friends. Look through the pictures on your feed. Do they give clues about where you live or show other things that might give someone leverage? Finally, make your profile private so that people you don’t know can’t see your details.”
Social media can be an important aspect of modern life, but being aware of the risks should help you make that big call and lock down your social media accounts.
If you find yourself in the sights of social media fraud, Hinde says the best thing to do is to immediately stop all contact with the scammer and contact your bank.
For more information that can help you stay safe from scams, head to ASB Scam Hub.