Authored by a Symantec employee
We are sure you’ve seen them lurking in your news feeds—breaking news reporting a celebrity’s death, photos of natural disasters striking major cities, video footage of riots and outrage over an accidental shooting—all seemingly legitimate news stories. However, this “news” may not be what it seems.
In 2016, Facebook has reported that it has 1.71 billion monthly active Facebook users. Twitter has 313 million monthly active users. With so many active users, popular social sites are a scammer's paradise. Scammers will try to entice you into clicking by posting sensational or emotional breaking news stories; sometimes capitalizing on a recent news event, or making up a fake, shocking news story. The motives are the same; scammers try to exploit these stories for any kind of financial gain possible.
There are several different types of tactics scammers will use to try to lure you into taking the bait: impersonating victims or family members of a tragic event; selling souvenirs or memorabilia while claiming the proceeds go to charity; or by posting photos and videos of the event.
Click With Caution
You may have seen a fake videos or news stories circulating on social media sites after an extremely newsworthy event. The post states that the user needs to share the content before it can be viewed. After sharing the video, users are taken to a page asking the user to fill out a survey before viewing. Seems harmless enough, right? Hardly. The survey will gather sensitive personal information that can be used in phishing attacks. In addition to collecting sensitive data, the scammers will also earn money per completed survey and in turn, will sell that information to other scammers.
There are many variations of these types of scams, and it is not always a survey. Users will try to view the video, and are taken to a page stating that they need to download a plug-in in order to view the video correctly. This “plug-in” is malware in disguise, usually a form of spyware that is then installed on the user’s computer that will track and collect information such as bank accounts, Social Security numbers and anything else that can be used in attempting identity theft.
In addition to trying to install malware on your computer, there are other objectives. Sometimes these links will redirect you to adult websites or spam sites in an attempt to boost web traffic, or to install malicious Facebook applications that can steal your personal data.
Ways to Spot a Fake
Be skeptical. Just because you see it on your feed doesn’t necessarily mean it is true. Sometimes, your friends may have fallen victim to the scam and are not aware of it; scammers using clickjacking could have hijacked their account.
Always check the link before clicking. You can do that by either hovering over the link or looking directly below the link itself on the Facebook post, which shows the referring website’s URL. Only visit known and trusted websites. You can also use Norton Safe Search to verify the legitimacy of a website as well.
Be very suspicious when there is a call to action before being able to view the content. Moreover, actions such as having to share the media before viewing, requests to take a survey or download additional software are all huge red flags.
If you need to know if the event happened, use a search engine to verify the validity of the headline. If you were to type in the subject of the event, you would see stories about how it is a fake. If it were a real story, there would be several news articles listed about the event.
You can also visit trusted news sites such as CNN.com or AP.org to verify the story. Another great site for busting hoaxes is Snopes.com.
What to Do If You Fall for the Scam
In the event that you fall prey to one of these scams, here are a few steps you can take to clean up the damage and minimize it from spreading.
- Remove the spam from your feed, so no other people fall victim to the scam.
- Change your password immediately. Even if you do not think the scammers have access to it, it is better to be safe than sorry.
- If you were tricked into installing a rogue app, remove it.
- Run a virus scan) will notify you about malicious websites.
- Create a post on your feed notifying friends of the scam, informing them not to click on anything strange or unusual coming from your page.
- Report the scam to Facebook or Twitter, depending on where the content is hosted.
Disclaimers and references:
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.
© 2017 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.