You’re likely familiar with email phishing scams. Typically, these involve an email that appears to come from a name you know – like Microsoft, PayPal, or your bank – and then directs you to a website where you’re asked to “verify your account” or perform some other task that requires your username and password.
These have become fairly easy to avoid, with the telltale sign being a URL that isn’t the official address of the company the phisher is trying to imitate. However, with social media, we’re seeing new types of scams emerge that can be trickier to spot and have both dangerous and embarrassing consequences if you become a victim.
Spotting a Social Media Scam
There are a number of ways that phishers target users on social media sites. Private messages, comments on your wall, and friend requests are the most typical methods a scammer will use to try to reach you. Like email scams, they’ll typically direct you to a website that looks to be affiliated with the social networks you use.
That’s where it can get confusing though. Often, social media phishing scams pose as legitimate applications that provide value to users – like being able to quickly gain more friends or see what your influence is on a given social site. Many times, these messages also come from your friends who have unknowingly fallen victim themselves. Thus, with thousands of legitimate third-party applications for social sites, the scams can be challenging to identify.
However, the big three social networks – Facebook, Twitter, and MySpace – offer their own secure login systems for apps. If you come across an application that allows you to directly enter your username and password instead of directing you to log in or connect with your account via the social site, be very skeptical.
The Consequences of Falling Victim
Although falling victim to a social media scam might not lead to outright identity theft as email scams sometimes can, it can have embarrassing consequences. Many phishing scams that target social sites propagate themselves by sending messages to all of a victim’s friends.
In other words, if you enter your credentials on a scam site, it may send out a tweet or a message to all of your friends, which at best makes you look foolish and at worst results in them falling victim to the scam as well.
That said, if you don’t use diverse passwords across services, there could be far more severe problems. For example, once someone has your username and password to a social site, they may try to use them to access your email. If you use the identical login info, your problem is suddenly much worse.
Use Extra Care on Social Sites and Apps
The bottom line is to be extremely diligent on social sites, especially when exploring third-party applications. There are not many scenarios where you should have to enter your username and password for Facebook, Twitter, or MySpace anywhere other than the site itself. There are a few, however (popular photo app TwitPic, for example), so ask around if you’re thinking of using a third-party app and aren’t sure if it’s safe.
Usually though, malicious apps will offer something that an experienced social media user knows is too good to be true. Generally speaking, there are no quick ways to gain thousands of friends or followers, so be particularly wary of such claims. Finally, anti-virus software and modern Web browsers like Firefox (version 3 and higher) and Google Chrome are also increasingly including features to warn users of potential phishing, so make sure to keep these updated.