Social Media is a great way to connect with friends, relatives and colleagues around the world. However, scammers are always looking for new ways to separate you from your hard-earned dollar, and they have jumped on the social media bandwagon to do just that. Following are just a two common scams to watch out for in the world of social networking.

Celebrity News

Celebrity news will always be used in criminal ploys because scammers know that many people love gossip. The death of Michael Jackson has spawned emails that contain malware in their attachments. Typically, malicious Facebook and Twitter messages relating to celebrity news contain links that claim to have “secret” information. Some of the lures include promises of songs by the King of Pop that have never been heard before or new details and pictures of Jackson’s death. However, the link then typically prompts the user to download an update of Adobe Flash. Of course, instead of an update, users end up with a bot Trojan or other piece of malware on their computer. Once they have compromised your computer, they can use it to send spam, install spyware, steal your identity, or launch a denial of service attack.

I’m trapped in Paris! Please send money.

Known as a 419 scam, fraudsters break into Facebook accounts and then message the victims’ “friends” asking for money. A “friend” uses the Facebook chat feature to send you an instant message or a message in your inbox. The “friend” informs you they are trapped in some foreign country and have been robbed or have lost their wallet through some other unfortunate incident. They need you to wire money quickly to help them get home. However, on the other end is a person posing as your “friend” that has hacked into your actual friend’s account. This scam is really just a new version of the old email trick that informs a recipient they have “inherited millions.” Also, the scammer can use other information from your profile, such as your wife’s name or your children’s names, to make it seem more legitimate.

Sean Sullivan, a security advisor in the F-Secure Corp. security labs, said most of these attacks are the result of a compromised username and password. Sullivan recently criticized Facebook for their security questions protocol, which he thinks use out-dated questions such as mother’s maiden name, and said he thinks they should consider having users choose their own security questions.

OMG! Did you see this picture of you?

Both Facebook and Twitter have been plagued by phishing scams involving questions that piques the user’s interest and then directs them to a fake login screen. Typically, the user receives a message, such as “Did you see this picture?” with a link also included. The user clicks the link, and it prompts them to enter log-in credentials on a fake log in screen.

On Facebook, for example, members might receive a message in their inbox, or a message on their wall, that directs them to another site which looks identical to the Facebook log-in page.  Twitter users received tweets that asked “OMG! Is it true what they said about you in this blog?” The link directed the user to a screen that looked just like the Twitter log-in page, but was instead a phishing site. Another version of this scheme included messages requesting users update account information, which then took them to fake log-in screens.

This is a classic phishing ploy. In order to avoid having this happen, make sure you check the url before entering your log-in information. If your browser bar says anything other than Facebook.com or Twitter.com, leave the site immediately. The other potential in this scam is spyware infection. The tiny url function makes this even easier for scammers because you can’t see the link you are clicking. Bottom line: If a link or a message seems suspicious; click at your own risk.

Test your IQ

Facebook members who used an app that offered an IQ test were unpleasantly surprised to learn they had unwittingly also subscribed to a text messaging service that cost approximately $30 a month. The IQ test looked like most other Facebook apps. But once the test completed, users were asked for their cell phone number in order to receive results. By handing over their number, they were also enrolled in the text messaging service. The terms of the service were in fine print that many claimed was nearly impossible to notice.

Sullivan advises users to be weary of all of the apps on Facebook. In order to use a Facebook application, which often includes fun quizzes such as “Test your 1980’s trivia,” you must allow the application to have access to information in your profile. The privacy issue is just one risk. In some cases, the applications download malware onto your computer.

Join State University’s Class of 2013 Facebook group

A college guide book publisher called College Prowler was recently criticized for creating Facebook communities for students in the class of 2013 that appeared to be organized by their college or university. A recruiter with the admissions department at Butler University uncovered the ruse when he found a Class of 2013 page for Butler University on the site, but no one at Butler knew who had created it.

The recruiter, Brad Ward, blogged about the find and said pages had been created for many major universities around the country, including the University of Michigan, Cornell University, Duke University and Northwestern University. According to Ward, none appeared to have been created by anyone with legitimate ties to the class of 2013 at any of the schools.

Other instances of fake groups have included invitations that prompt users to install certain apps in order to “chat” with other members, but instead install malware. In some instances, unwanted products, such as toolbars, have been installed onto the user’s computer after the person joined a group.

Tweet for cash!

This scam takes many forms. “Make money on Twitter!” and “Tweet for profit” are two common come-ons security analysts say they’ve seen lately. The claim is that anyone can work from home and make large sums of money (Up to $10,000 a month!!) simply by “tweeting.” Sounds too good to be true, and, of course, it is. The age-old work-from-home email scam has now migrated to Twitter, those who fall for it are asked for their credit card number in order to pay a $1.95 shipping fee to get their ‘Twitter Cash Starter Kit.’ Many people later find out the Starter Kit had a 7-day free trial, and the company then charged a monthly “fee,” typically around $50, unbeknownst to the victim, who often has to cancel the credit card in order to stop the fraudulent charges.

Ur Cute Msg me on MSN

A typical example includes a message that says “Ur cute. Msg me on MSN,” which is embedded into a picture and is a ploy that ultimately leads the user to an adult site. Embedding the message into the picture is a way for spammers to get past Twitter’s anti-spam filters, he said. The ruse gets even more sophisticated if you decide to “chat” with one of these on MSN. Instead of a person, it’s a bot pretending to be a human conducting the flirtatious conversation.

The bot follows a script which offers the end user a “free pass” to their supposed adult webcam site. However, the site being linked to in the pass typically asks for credit card and other user information for age verification. Of course, handing over this kind of information makes you a prime target for identity theft.

Source:Fightfraud.nv.gov

By Harold Nussbaum