This is a cross-posting by Jocelyn Baird originally published on September 10, 2014
You see the warnings all the time. Beware of the Facebook color scam going around! Don’t click links from fishy-looking emails asking you to log into your Twitter account! Social media is impossible to escape, but with its proliferation comes a slew of new dangers and safety concerns. The days of communication on the Internet being limited to asking strangers for their A/S/L (Age/Sex/Location) in chat rooms are over. Now we put those basic details and so much more out there for virtually anyone to know without so much as a second thought. It’s important to protect yourself from being the target — and victim — of social media scams. Awareness and vigilance are the keys to preventing your information from being compromised online just as much as off.
How do social media scams work?
Some of the scams you see are harmless, such as chain letters that claim Bill Gates will donate $1 to charity for every share or retweet. You run the risk of aggravating your friends by passing these along, but that is generally where it stops. However, other social media scams actually do pose a threat. Links that install malware or viruses onto your computer or phishing emails that trick you into giving up sensitive information are everywhere. Many of these scams rely on the laziness of the average social media user. They hope you will click a link first and think about what you’re doing later.
What steps can I take to protect myself?
1. Always look carefully at the URL of a page before logging in. Some scams work by sending an email that urges you to log onto your social media account for one reason or another. It might say that someone posted incriminating photos of you on Facebook, or claim that you need to verify your Twitter account because of a security issue. These emails are designed to resemble those sent by the official social media email accounts. Often, a careful scan of the email itself will reveal it to be fake — misspellings, a fishy sender email address. However, if you are tricked by the email and open the link within, then a habit of always checking the URL before you enter any information can be your saving grace.
A real URL for Facebook or Twitter will include “www.facebook.com” or “www.twitter.com.” If you have been prompted to log into your account through a link in an email, it’s good to be on your guard. Remember, you can always close the window, retype the correct URL and log into your account that way to see if you have any messages or notifications. Doing this ensures you are logging into the correct website.
2. Beware of shortened URLs. Commonly used on Twitter, shortened URLs are a great way to come in under the 140 character limit. However, it is impossible to tell without clicking what the real link will turn out to be. This means you might click a link thinking you will be directed to a news story, and instead find yourself on a malicious website. It is better to be safe than sorry, so if you don’t absolutely trust the person or company sharing the post, don’t click.
3. Strengthen your privacy settings. Facebook collects all kinds of information on its users, from your hometown to your birthday. If you leave your profile completely open so anyone can view it, you run the risk of being target of scammers and thieves. Facebook allows you to set the privacy of all your information, posts and photos. You can control who can see what you share in a couple different ways. At the top of the page is a lock icon that you can click to bring up your privacy settings. Facebook has worked to make this section interactive to help guide you as you manage your settings.
Who can see my stuff? opens up a menu where you can change your global privacy settings — that is, set a minimum security setting for all future posts. If this is currently set to Public, then anything you post is visible to anyone whether they have a Facebook account or not. It is recommended to change this setting to Friends so only the people on your friends list can see what you post. If you’d like to limit it more, you can even create custom lists of people on your friends list to share with (or not). You can also change the privacy settings of past posts, which is handy if you have had a profile for a while with many public posts dating back a few years or even all the way to 2004.
You can also change the individual settings for posts and sections of information on your profile. You might want your family members and certain close friends to see your address and contact information, but that’s not the kind of information you want Joe from the coffee shop — or perfect strangers — to see.
On the other hand, Twitter’s privacy settings aren’t as in-depth, but you can decide whether to include your location with posts, block people from finding you via your phone number or email address and even password protect all of your tweets to keep them private.
4. Think before you click. The introduction of games and apps to Facebook has made its users direct targets for scams and attacks through these channels. One popular method of tricking people into clicking on a malicious link is to create a fake app that promises to add features that don’t currently exist to your profile. Unlike Twitter and other popular social network websites, Facebook does not allow you to change the color of your profile background. Beware of any app that says it can do this or anything similar. Almost always, attempting to install it onto your profile will result in a virus or even the outright theft of your account by a scammer. Twitter users are also at risk for scammy add-ons and plugins that promise something great, but deliver something sinister instead.
When installing apps or games to your Facebook account, it’s also important to take note of what information the app wants access to. Some of these apps request permission to use, access or store quite a bit of the profile information you might otherwise have on lock-down through your privacy settings. If you don’t want to give friends of friends access to your photos, why would you let a random app access them? Furthermore, most apps and games require permission to post on your behalf — meaning, if it is a scam, you have just given it free reign to spam your friends’ Newsfeeds with a scam.
5. Install security software. Not only do Internet security software suites block and eradicate viruses and malware that attack your computer, but many these days also have special companion apps for use with social media. Bitdefender’s SafeGo app scans your Facebook Newsfeed for malicious links and helps keep track of your privacy settings — notifying you if vital information is left unprotected. Looking for Twitter protection? A great option is Trend Micro’s social media scanner, which connects to your Twitter, Facebook and Google+ profiles to monitor privacy settings and scans for bad links on virtually every social media site out there. Taking it a step further, many Internet security software suites also come with mobile protection so you can safely use social media on the go.
A little care goes a long way online
The most important thing to remember about social media is that it is never private. Unless you keep a profile with no friends and the strictest privacy settings, you are going to be sharing information with other people one way or another. That’s the point! So it is up to you to do what you can to protect yourself online, just as we take care to stay safe in the real world. Part of that is paying attention to privacy settings and thinking before you click links. However, employing a reputable Internet security software is also a great way to stay a step ahead of spammers and scammers. Visit our Internet security software review page to learn more about what different programs have to offer.