From posing as HMRC to help you get your cost of living payment to offering too-good-to-be-true hoildasy deals, cybercriminals are always producing new ways to steal from unsuspecting social media users.
Social media is a great place for scammers to hang out, and last year Lloyds Bank reported that reports of fraud via Facebook's Marketplace feature were taking up more time at bank call centres than any other type of purchase racket, as buying and selling cheap goods soared during the cost of living crisis..
We've teamed with cybersecurity expert Liz Wegerer from VPNOverview.com to look into the future and predict the most likely social media scams predicted to do the rounds this year.
Read more: Travellers warned of eight holiday scams you need to watch out for when booking trips
Facebook is the most popular social media app worldwide, and scammers flock to it to fleece unsuspecting users. With so many active users, fraudsters have a vast pool of potential victims to target. Here are some of the most common ways they try:
- Phishing scams: Emails or direct messages with sketchy links that download malware or capture login credentials on spoofed websites.
- Romance: Friend requests and direct messages that attempt to create a romantic interest with the goal to steal money from the victim.
- Prizes or job offers: Claims designed to obtain personal information or money from the victim, including “You’ve won!” scams.
- Quizzes and games: Designed to elicit personal information in the answers through the kind of information people may use to create passwords or answer security questions for their online accounts.
- Charity pleas: Creating fake charities to get donations during times of disaster, using sites like GoFundMe.
More than one billion people use Instagram each month, making it the world’s fourth most popular social media platform. Cybercriminals know this and have several tricks to infiltrate your account and steal your personal information. These include:
- Fake investment offers: Scammers promise you a great return for just a small investment.
- Bogus brand collaboration requests: Fraudsters offer to pay you for promoting their products then steal your financial data when you provide them.
- Selling followers and likes: Ask you to pay a nominal fee in exchange for like or follow packages, but your financial data gets stolen when you send financial details.
- Giveaways: Entice you to try and win a prize, but then you will be asked to provide personal information or payment to claim your winnings.
- Imposter brand accounts: Sell counterfeit goods (or never deliver the promised goods at all) under the guise of a popular brand to drain your bank account.
How to avoid scams on social media
1. Lock down your privacy settings: Your Instagram is set to “public” by default, allowing anyone to see your posts. To protect your privacy, set your account to “private” so only followers you approve can see your posts, make comments, and send you direct messages. On Facebook, while you can never hide your profile pictures or cover photos, you can hide almost everything else from those outside your friends list through your settings.
2. Use strong passwords and enable two-factor authentication: One of the easiest ways to prevent unwanted logins on your accounts is to use strong passwords and enable two-factor authentication. With this in place, anytime someone tries logging in from an unrecognised location or device, they will also have to enter a one-time code sent to your phone.
3. Keep track of third-party apps: Over time, you have likely connected several third-party applications to your Instagram account. You should regularly review these applications and delete any you do not recognise or no longer use.
4. Only buy from verified profiles and brand accounts: Before you buy anything on social media, check to make sure the account you are dealing with is verified. All legitimate brands on Instagram and Facebook are verified with a blue circle checkmark next to their name.
5. Search regularly for accounts in your name: To avoid the damage of someone cloning your accounts, get into the habit of regularly searching Facebook and Instagram for your name. This only takes a minute and is an easy way to identify imposter accounts.
6. Decline friend requests from anyone you do not know: Get in the habit of declining friend requests from anyone you are not familiar with.
7. Never click on suspicious links sent to you or respond to unsolicited messages: If you think a friend sent you something, double-check with them before clicking. Especially when what they sent you involves compromising information about you or says something like, “OMG! Is this you?” or “Have you seen this yet?!”.
What to do if you fall for a scam
If you have either been a victim of a scam or spot a suspicious website, you can report this in several ways:
Fraud and cyber crime can be reported to Action Fraud, the UK’s national reporting centre for fraud.
You can also report internet scams and phishing to report@phishing.gov.uk.
Suspicious websites can be reported to the National Cyber Security Centre (NCSC).
Now read:
- Seven signs to look out for that show a website may be a scam
- What is Mastodon? The little-known social media platform Twitter users are flocking to
- Tech experts issue warning over worrying rise in Instagram account cloning and social media scams
- GCHQ's advice on avoiding online shopping scams ahead of Christmas
- Santander issues warning to account holders after woman nearly lost £80,000