Learn to recognize and avoid the most common malicious schemes terrorizing newsfeeds everywhere.
Thieves no longer stop at credit card numbers and financial swindling. Sure, they want your money, but today’s career criminals want more. They want your data.
Personal info comprises today’s riches: what you like, where you go, who you love, what you believe — anything that details who you are is valuable data. In earlier days, this data would immediately be put to use to commit identity theft. But today, it is equally advantageous to the criminal to sell the data. Shady organizations and services use this type of info to target ads, launch social engineering campaigns, or effect other manipulative operations.
The more an entity knows about you, the more it can use what it knows to influence you, such as leveraging, for example, the dislike of a political party to promote fraudulent gossip. With the right (sinister) calculations, social engineering and population manipulation can have major global effects.
I’m just one person, you might be thinking. My action or inaction won’t cause global change. Nobody’s going to target me. How wrong you are. Your action or inaction CAN cause global change, and the evil powers that be DO in fact want to get into your social account... because they don’t just want you — they want your entire network. And then they want the networks of all those in your network. And so on.
Benjamin Franklin famously said “An ounce of prevention is worth a pound of cure.” Here’s your ounce of prevention. Get hip to these scams most commonly making the rounds today, and avoid them at all costs.
Data-mining quizzes, surveys, and contests
These data-mining scams use cutesy ploys to get you to give up certain info. You might think it’s all in fun, sharing inconsequential data like your mother’s maiden name in order to be told in which Hogwarts house you belong, but the ulterior motive of these scams drains away any fun to be had. In reality, bad actors are drilling you for info on yourself and your friends. Avoid clicking on these, and definitely do not share them.
Bad actors put a lot of thought into crafting clickbait. It has to be mouthwateringly irresistible, a headline or tease for an article that seems juicy and incredible, but believable. The more data bad actors have on you, the simpler it is for them to devise clickbait that will tempt you. Once you click, you are redirected to wherever they want to take you. Usually, it will be a fake login page for Facebook or Twitter. You might wonder why you need to sign in again, or you might just automatically do it. They’re hoping it’s the latter, because if you do that, they now have your credentials.
“Friendly” cash requests
Whether it's a desperate plea from someone you know or someone you don’t, beware. When a bad actor succeeds in hacking an account, the first thing he or she may do is spam every contact in that profile’s friend list and ask for money, hoping to get to a sympathetic “friend” before the hoax is exposed. Always double-check with a friend in-person if ever you receive a money request from them on social media or email.
Shortened URLs do save space and look cool (bit.ly and goo.gl to name a couple), but bad actors are using them on Twitter and Facebook to trick you into clicking and spreading malware, viruses, and more. These shortened URLs can look like official sites, so before clicking, use the CheckShortURL page to check if the particular one you’re considering is free of malware. I should note that at Avast we use https://ava.st in our shortened URLs and we do check to ensure that all links are safe before we share the links with our communities online.
Strange friend requests
Yes, it seems obvious, but it does need to be said. Whenever you get a friend request, ask yourself why this person is networking with you. If you can’t think of a reason, or you don’t like the reason, ignore that request. With the prevalence of scams and crime in today’s cyber-climate, we can’t afford to trust in the kindness of cyber-strangers.
Double friend requests
No doubt you have already experienced this obvious but harmful trick. You get a friend request from a friend you already have, you easily justify it as a mishap on their end or some strange glitch in the system, and you accept the friendship. Of course you do, it’s your friend! It’s not your friend. This is social engineering at its most insidious, hoping to get you to automatically invite in the vampire without really thinking about it. Too bad for them, you’re smarter than that.
Also called “chain message hoaxes,” as cautioned by the Attorney General of Nevada, these are urgent-sounding alerts pretending to be from your friends or the social platform itself telling you about something of critical importance to your account. The social engineering at play here is to get you to act out of panic and alarm, rashly entering info and granting permissions under frantic duress. If ever you think there may be a problem with one of your accounts, use the “front door” — open a new window, log into the site, and check on your account status. Never trust links within messages, posts, or emails.
The good news is that a lot of these common tricks are recognizable and easy to foil. The bad news is that there are millions of internet users who are not as tech-savvy. They may not be able to identify such plays on their innocence. So, like we teach young hikers and scouts to identify poison ivy in the wild, we need to teach users new to social media how to spot and circumvent these above dangers.
It doesn’t hurt to add some backup, in case anything gets past your own eyes. We developed Avast Secure Browser to protect your privacy and keep you safe from malicious URLs. With anti-phishing tech, anti-tracking tech, Bank Mode, and Adblock, it gives you a premium browsing experience with the peace of mind that you are protected. As we send our youngest (and oldest!) along the road of social media, let’s equip them with the knowledge and tools they’ll need to stay safe. Download Avast Secure Browser for free for your PC today.
And, while a secure browsing experience is a good stary, you can also up your privacy protection by using a good anti-track solution like Avast AntiTrack Premium. It is a deeper way to protect yourself online by disguising your online identity.
Avast researchers have discovered cybercriminals using an old medium (PDFs) in a new--and dangerous--way.
That .zip file looks legit, but it's actually a sneaky new way for cyber criminals to steal your info.