Tuesday, February 2, 2016

How to spot a social media scam - and 5 tips to avoid them

Social media scams have always been around, but it seems that each year they get a little more sophisticated and a bit more targeted. 

This week on Facebook a lot of folks in Rochester, N.Y. (where I’m based) opened Facebook and there in their news feed was a post seemingly offering a "free $200 grocery coupon" (see image) to Wegmans supermarkets – the biggest and by-far-the-most-popular chain in the area. The posts were accompanied by poster’s comments such as “Wow” and “Can you believe this?”
The widely shared scam post

Well … no. There were a couple of clues right in the post that it was a scam.
  • The URL (web address) at the bottom of the public post does not look like it belongs to Wegmans’s official page
  • The English is fractured – typical in scams since they are often posted overseas by non-native English speakers 
Then, if an offer seems too good to be true, well it likely is. So don’t ever click on the headline or any link before going to Wegmans (or any supposed posting company’s) official social media page.

In this case a quick visit to Wegmans’ official Facebook page shows that this "offer" is not posted there and instead there’s a warning about the scam.
The warning on the Wegmans Facebook page

If you do click through to the offer (not recommended as this can be the way the scammers download malicious software onto your computer) there will be abundant evidence that this is a scam. For example: In the case of the Wegmans "offer" it was a digital counter counting down how many coupons supposedly remained. Every time the page refreshed it went back to 360 and started counting down again… 

And, if you are a business that has been spoofed and your organization’s name associated with a scam you should quickly do two things:

  • Post something on your own social accounts warning about the scam so people will find the information there.
  • Contact the affected social networks and ask for the malicious scam material to be taken down and the poster banned.

Both of which Wegmans did very quickly after the coupon scam surfaced …. 

So, in general what are the best ways anyone can avoid falling for a scam?

Top 5 Tips to Avoid a Social Media Scam

1. Does this news/post sound too good to be true? If it does it likely is. Headlines screaming unbelievably exciting or tragic news. Or offers of cash or goods that seem like they would make your life a lot better. Or words such as “Unbelievable,” “Shocking” and “Disturbing.” All are often related to an attempt to get your attention and get you to click.

As mentioned above, the first thing to do is seek verification by going to an official social network site to see if the post exists there. Or go to Snopes.com and enter a few key words from the item – Snopes is the best online debunker of fake news/information (and, in fact, had an item posted about the Wegmans coupon scam within a few hours). Even a general Google search might turn up warnings that something is a scam.

2. Think before acting: Typically scammers want to make you feel you have to act quickly. Nothing on social media is a matter of life or death. For example, those urgent appeals from a friend who lost their wallet overseas? Think about it: Why are they using Facebook or Twitter to reach out to all their friends?

3. Ask yourself: Is this a chain letter? The old chain letter used to ask people to forward a letter to a number of friends to bring good luck or cash. Today, by way of examples, the chain letter takes the form of "Tweet this image and Bill Gates will donate $100 to help premature babies" or "Share this post with your Facebook friends and Mark Zuckerberg will randomly pick 1,000 people to each receive $1 million in Facebook stock." These appeals almost always tap into a grain of truth, but would these very rich men really do what is proposed?

4. Watch for phishing attacks: You innocently click on a link you find on a Facebook or Twitter post and you are asked to log in using your Facebook or Twitter credentials – don’t. Yes there may be a legitimate reason some sites want you to do this, but before you do check out the URL of the page you are now on. Is it still a Facebook page or some other legitimate site? If not this site is wanting you to sign in so it can grab your credentials and hijack your account.

5. Be cautious of shortened URLs: Don’t blindly click on shortened URLs. You'll see them everywhere on Twitter, for example. But because they are shortened and consist of a garbled collection of characters you can’t tell where the link will take you. The best practice is only click on shortened links from social media posters you highly trust. This is not foolproof, but offers a degree of protection.

Hopefully these tips will spare some of you the grief of having been fooled by a scam or, worse, having your social media accounts compromised.