Clickbait, clones, and cash grabs: Sidestepping the scams on social media

Uh oh, Grandma Phyllis has done it again. She just shared an ad on Facebook for discounted Ray-Bans, but you know the only sunglasses she wears are $3 clip-ons from Walgreens.

Out of curiosity, you click the link. Suddenly the red flags appear like ants at a picnic.

The domain name is not official.  

When you see a domain like www.rb-store-online-sunglsses.com, you know you’re in for a treat.

Official brand domains are never that messy. It’s only when a fake e-shop is trying to impersonate a legitimate brand, such as www.ray-ban.com, that they need to throw in a bunch of gratuitous words, abbreviations, and hyphens.

The site itself just looks bad.

Some imposter sites do a better job than others, but most of the time, they look as though their creative team did the design work on an Etch-A-Sketch.

A few dead giveaways are: random fonts all over the place, multiple exclamation points (Amazing Price!!!!), capitalization running amuck (can someone please get these people an AP Stylebook?), mismatched color schemes, confusing layouts, and so forth.

The deal is too good to be true.

Ray-Bans may not be the most expensive sunglasses on the market, but if the standard pair is about $150, then a discount of 90 percent would make them just $15. That’s a massive discount. It’s so good, in fact, that it’s probably not real, since $15 would barely cover the cost of shipping.

If the deal is on the official website, then that’s different (and please contact me if that ever happens!). But when the domain is a hot mess, the site looks like a hot mess, and the deal is so good you wonder how they’re staying in business, you’ve got yourself a scam cocktail.

There is no SSL Certificate.

Luckily for Grandma Phyllis, she did not input her credit card information into this fraudulent e-store. If she had, she would have seen that the “http” at the beginning of the URL never switched to “https” (the “s” signifying a secure connection) when she was about to checkout.

The SSL Certificate is standard procedure for company websites and exists to keep customers’ data secure, build trust, and increase the site’s ranking on Google.

Dodging the bad guys on social media

Facebook is not the only place where fake companies congregate to lure unsuspecting victims. Twitter, Instagram, Snapchat, and all the other cool places to hang out digitally are fair game for bad ads and bad links.

In a Forrester survey of 192 network security decision-makers whose firms have had an external security breach in the past 12 months (download the full report below), 19 percent of security breaches were targeted through a social media account.

Here are a few tips to keep in mind so that you’re not part of that 19 percent:

1. Don’t get click-happy.

Most malware and other scams won’t work unless you click on them first. That blue, underlined link just screams, “Click me!” But if it looks suspicious in any way, it probably isn’t worth clicking on. And at the risk of sounding like a D.A.R.E. officer from my childhood, just say no to bad links.

2. Report suspicious posts and block spam accounts.

Always report questionable posts to the social media site where you see them, and if the post is on a friend’s account, let them know.

If an account is obviously spam (e.g., “Follow4FollowLuvBird89” on Instagram), block it.

3. Set strong passwords.

The password “password” is just asking for trouble. Strong passwords are essential for keeping your accounts safe from potential threats. A strong password will use several characters and be comprised of upper- and lowercase letters, numbers, and symbols.

You can still have the password “password,” but it could be spelled “[email protected]$W0Rd823735*!!” instead.

4. Keep your firewall and anti-virus programs up-to-date.

This is one of the easiest and most effective ways to keep malware at bay.

5. Be wary of add-ons and other social media apps.

Many social media extensions and plug-ins are written by third-party companies. This is all well and good, and we’re all fans of the free market, but it also lends itself to scam artists looking to pilfer your information. Look before you leap.

6. Accept friend requests only from people you know.

This seems obvious until you get a friend request from your Uncle Henry… who already has a Facebook account.

Hackers love to clone current user accounts in order to adopt all their current followers and loop them into their spam agenda. Don’t fall for it! Let Uncle Henry know he’s been cloned and that he shouldn’t worry because his closest friends and family know he’s the real Slim Shady.

In conclusion, none of us are completely immune to the various tactics of social media criminals. Whether it’s Grandma Phyllis unwittingly advertising fake Ray-Bans or Uncle Henry’s clone, we must stay vigilant to all the ways in which people want to steal our information.

Learn why traditional approaches to endpoint security are becoming outdated and what you need to do to stay secure. Download the Forrester Wave report below.