If you have a social media account, you may have already run into some kind of online scam, whether it’s a company offering cheap products that don’t really exist or a suspicious direct message from an unfamiliar account.
In recent months, some verified Twitter users appear to have been targeted.
Metro.co.uk has seen messages like these as recently as Wednesday, when an account called ‘The Notification Options’ sent an employee a suspicious DM suggesting their account was at risk of losing its ‘blue tick.’
The account behind the message is suspicious for a number of reasons, including the fact it was created this month, has never tweeted, and features a background photo that resembles those on legitimate Twitter accounts.
In a DM sent Wednesday, it told the Metro.co.uk staffer to click on a link to a form he could use to appeal the alleged ‘blue tick’ decision.
Concerned this might be a scam, he didn’t click on the link, so we can’t verify exactly where it would have led.
But similar suspicious messages have been exposed as phishing attempts, whereby a scammer tries to get hold of personal information like credit card details or passwords.
Metro.co.uk has reported the account to Twitter.
Although social media companies try to prevent scammers from targeting users, they continue to slip through the cracks.
And the results can be serious. Suspicious links might direct a user to malware that tracks a device or even holds it ransom.
Sometimes the prize is the social media account itself.
Instagram user ExposingInstaScams recently revealed a fake support account that appears to be trying to bypass the two-step verification security process by requesting forgotten password codes.
Like the suspicious Twitter account above, the ‘Help Team’ account presented itself as an official support channel.
What happens when you click the link?
If the scam is a good one, then clicking the link will take you to a realistic-looking website disguised as a password reset page.
The page will ask victims to give their current password and the new password. Of course, it just delivers your password directly to the scammers.
Regardless of whether you entered a valid password or not, the fake page will flag up a message something along the lines of this: You entered your old password incorrectly, please check and try again. If you do not know your password, you can renew your password from your Twitter account.
By now, the scammers have both the username and password for your account and can access it directly themselves and make any changes they want.
So how can you protect yourself from social media scammers?
Although scammers come up with new ways to target users all the time, you can help protect yourself and your data with a few simple rules.
1. Treat contact from unfamiliar accounts with caution
If you’ve received a message or a message request from an account you don’t recognise, it’s best to treat it with suspicion, particularly if it claims to be an official account like those mentioned above.
Twitter, for example, says it will never ask users for their passwords via email, DM or reply.
Even if an account is familiar, it’s a good idea to remain vigilant. Legitimate users get hacked all the time, and their accounts may end up in the hands of bad actors.
2. Don’t click on suspicious links or attachments
In many cases the messages in suspicious DMs or emails aren’t as dangerous as the links or files they contain. Clicking on links or attachments might cause your device to download malicious software.
Links might also send you to phishing websites that impersonate real social media login pages.
So before you click on any links, make sure you check the URL. Genuine Twitter support accounts, for one, will never send you to a non-Twitter website.
If you’re still suspicious of a link or a file, just don’t click on it at all.
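What “check the URL” means in practice, shown as an added example that is not part of the original article: the script parses a link the way a browser does and accepts it only if the real host is an allowlisted domain or a true subdomain of it. The allowlist contents, the function name `checkLink` and the sample links are assumptions constructed for illustration.

```javascript
// Added example: decide whether a link from a DM really points at the site it claims.
// ALLOWED is an assumption for illustration; list the domains you actually trust.
const ALLOWED = ["twitter.com"];

function checkLink(link, allowed = ALLOWED) {
  let url;
  try {
    url = new URL(link); // same parsing rules a browser applies
  } catch {
    return { ok: false, host: null, reason: "not a parseable absolute URL" };
  }
  // The parser has already lowercased and IDNA-encoded the hostname
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  if (url.protocol !== "https:") {
    return { ok: false, host, reason: "not HTTPS" };
  }
  if (url.username || url.password) {
    // In "https://twitter.com@other.example/" the site is other.example
    return { ok: false, host, reason: "text before '@' is not the site" };
  }
  // Match the exact domain or a subdomain on a dot boundary, never a substring
  const match = allowed.some((d) => host === d || host.endsWith("." + d));
  return match
    ? { ok: true, host, reason: "host is on the allowlist" }
    : { ok: false, host, reason: "host is not on the allowlist" };
}

// Constructed sample links (not taken from the article)
const SAMPLES = [
  "https://help.twitter.com/forms",
  "https://twitter.com.appeal-form.example/verify", // brand name as a subdomain label
  "https://twitter.com@appeal-form.example/verify", // brand name as fake userinfo
  "https://twitter-verified.example/appeal",
  "http://twitter.com/login",
  "https://tw\u0456tter.com/login", // Cyrillic lookalike letter, becomes an xn-- host
];

for (const s of SAMPLES) {
  const r = checkLink(s);
  console.log(`${r.ok ? "OK  " : "STOP"} ${r.host ?? "-"}  (${r.reason})`);
}
```

Only the first sample passes; in every other case the part of the link that names the brand is not the host the browser would actually connect to.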
3. Use strong, unique passwords, as well as two-factor authentication
This one might seem obvious, but using weak passwords across multiple accounts is still a common pitfall of many users.
Twitter recommends using a password that’s at least 10 characters long and contains a mix of uppercase and lowercase characters, as well as numbers and symbols.
It’s also important to use different passwords for different accounts. Otherwise, as soon as one is compromised, the others will be vulnerable too.
If you struggle to remember all these logins, it might be worth investing in a password manager like Dashlane or OnePass that remembers them for you.
Two-factor authentication, where you’re asked to enter an extra code sent to your email, mobile phone number or an authentication app, will also add another layer of security to your account.
4. Check if your accounts have already been compromised
One thing you can’t do much to stop is large-scale hacks that steal personal data from social media companies themselves.
However, companies have a responsibility to alert you should they think your data has been compromised.
You can also check if your accounts have been included in known hacks by typing the email address or username (but not your password!) into a database like haveibeenpwned.
5. Don’t ignore security alerts from social media companies
When you sign in from a new device or after clearing your browser cookies, you’ll probably get a security alert from the platform you’re logging into.
You may also get an alert when you update personal information like the email address associated with the account.
While it’s tempting to ignore these alerts, they are one of the fastest ways to find and report suspicious account activity.
If you get an alert you aren’t expecting, it’s best to investigate it as soon as possible, as these often contain steps that help you secure your account.