You’ve heard about many of the scams that exist on the internet now. It’s tough to simply look at your emails without noticing several phishing emails sitting in your inbox. Lately, the largest influx of social engineering scams has come from social media. As of right now, worldwide social media users total 2.34 billion according to Statista. That is a lot of people to target, and hackers are taking advantage. How? Fake accounts. Forbes estimates that there are over a half billion fake social media profiles in circulation today. There are four main ways these cyber-criminals are utilizing social engineering via social media.
Swaying Public Opinion
The most recent large-scale example of utilizing fake accounts to sway public opinion was meddling in the 2016 election. When investigating, Facebook not only found millions of fake Facebook accounts, but they also found that there were Facebook ads created to sway American voters. The ads and posts came from profiles that looked legitimate, but in all reality were conjured up simply to create influence with minimal effort. In addition to their obvious desire to affect election results, if people clicked on the ads, their computers were often infected with malware that would give away valuable personal info.
Have you seen the pages that say a celebrity talk show host is giving away XYZ prize or a big-name brand is handing out free gift bags if you share and like the page? All scams. The perpetrators hide behind names that look similar to the authentic celebrity or brand and rely on unwitting people to click, share, and like. These hackers then follow-up by selling your information to third-parties or targeting you with malware advertising to get you to keep coming back.
This technique goes all the way back to 2011 after Steve Jobs passed away. A fake FB ad claimed that Apple was giving away iPads in honor of his passing. Well, that ad went viral and thousands of people clicked on the link, which in turn infected their computers and devices.
Minimally Invested Profiles
Social engineering has gotten more complicated with (MIP) minimally invested profiles and (FIP) fully invested profiles, found mostly on Facebook and LinkedIn. MIPs are created in bulk, and they usually have very little original content on them, as well as a sexy or provocative profile photo. These hackers go around making friend requests willy-nilly in hopes that their picture will intrigue people to add them. They'll eventually send you malware via FB messenger or put rogue posts on your Facebook wall.
Fully Invested Profiles
The FIPs that get created take a little more time and effort, however, they are more efficient because they really look the part. To an untrained eye, a profile like this could pass as an acquaintance. The best way to crack this mystery profile is by looking at their friends, seeing if you already have a friend by that name, as well as scouring the content of their posts. If this raises even one red flag, it's likely it’s a fake profile. People using this technique target you on Messenger with infected content, usually videos that lure you in because you “know” the sender.
These are just a few of the main ways that social engineers are using social media to target people. While snooping on your co-workers, checking to see what crazy Uncle Larry just posted, or simply browsing through memes, always be diligent and aware of your internet surroundings. In addition, make sure your firewall and antivirus are up to par! Don’t let a social engineer manipulate you into surrendering your information.