Beware social media scams

According to a research report by Webcertain Group, the number of social media users in the Asia-Pacific by early 2015 will hit around 1 billion, almost five times the total in North America.

Given the huge online population and the fact that social media browsing has become a daily routine for everyone, social media has become one of the favorite attack hotspots of cybercriminals.

Trend Micro, a global leader in security software, studied the landscape and has identified nine social media scams, such as “The Facebook Color Changer,” “Who Viewed Your Facebook Profile,” and “Naked Videos,” that cybercriminals leverage to spread malware infection to personal computers and smartphones or steal personal information by luring users to click on phishing sites.

Social media users are advised to always check the source of links and apps in posts, regularly change social media passwords and use a reputable security app like Trend Micro Dr. Safety for complete online protection against bogus links, Facebook privacy issues and malicious apps.

“Social media scams are increasingly popular,” said Terrence Tang, senior director of Consumer Business, Asia Pacific, Trend Micro. “They lure users to install third-party apps through social media posts or trick users to click on phishing sites that cause malware infection. Users are advised to be ever vigilant when they surf online.”

Here are nine popular social media scams Trend Micro has identified:

  1. The Facebook Color Changer app: This app appeals to users with a feature that personalizes their Facebook color. But it also leads users to phishing sites and tricks them into sharing the app with friends. It also uses a tutorial video to trick users into clicking on an ad. It hijacks users’ profiles and spams users’ friends. It even infects mobile devices with malware.
  2. Who Viewed Your Facebook Profile app: This Facebook scam lures users with messages from friends or ads posted on their walls and invites users to check who viewed their Facebook profiles. Once users click, their profiles and their social network will be exposed to the scammer.
  3. Facebook Videos with Enticing Titles: Cybercriminals often use enticing titles like “Not Safe for Work” or “Outrageous” to lure users into clicking on videos that redirect them to phishing sites and steal their personal information. This scam can also infect users’ devices with malware, such as rootkits that are hard to clean.
  4. Facebook Fake Naked Videos: Facebook scams of naked videos usually come in the form of ads or posts with links that take users to sites that host bogus YouTube videos. Such fake sites then prompt users to install an update to fix their “broken” Adobe Flash Player. Once clicked, the fake Flash Player installer will infect the device by installing its malware (usually a Trojan) as a browser plugin. Not only does it steal Facebook photos from users, it also invites their friends to watch the same video, and the ruse continues.
  5. Instagram InstLike app: Thousands of users worldwide have installed the InstLike app in the hope of boosting their Instagram likes and followers. Unfortunately, this app takes advantage of the passwords and other information it collects from users to boost its own growth, spreading the infection even further. Although the app has been reported, unwitting users are still being duped by InstLike as it continues to be in business.
  6. Twitter Instant Followers apps: Apps that promise instant Twitter followers usually cause users to fall victim to scammers, who leverage user accounts for further spamming and attacks.
  7. Twitter Bait Scam: Some scams send messages like “Just saw this photo of you” to trick users into clicking the malicious links in the messages. The scam can hijack users’ Twitter accounts and send their friends further spam messages, luring them to phishing sites that steal personal information.
  8. Tumblr Dating Game: The Tumblr Dating Game has lured many users into clicking the links in its messages and creating dating accounts, which only lead them to ads or adult pages that generate revenue for the scammer.
  9. Pinterest Bogus Pins: Scammers post bogus pins that advertise free giveaways to lure users to false surveys or phishing sites. The scam also spams their followers to further expand the attack.
