Reasons why everyone is getting hacked on Facebook

Why is everyone getting hacked on Facebook? Here are some of the reasons.

If your social networks are anything like mine, you’ll definitely have noticed an increase in users getting “hacked” lately. Maybe you got a funny Facebook message from someone you haven’t spoken to in a while. Or maybe your least tech-savvy friend suddenly starts talking about crypto on Instagram. Or perhaps you see post after post on your timeline of someone saying something like, “Sorry everyone, I got hacked!”

What is it about? Why are your aunt, your favourite podcast author, and that girl you dated in college suddenly getting hacked? Isn’t this something that only happened to stars until now?

Long story short: Internet users are quick and easy targets for cybercriminals every day. Now, if you want more explanation:

Is everyone currently being hacked?

Important point: Your aunt was not hacked. She was a victim of phishing, which is another type of cybercrime. Hacking is “the application of technical or technological knowledge to solve a problem or overcome an obstacle”. Hackers can be well-intentioned (like those working here at Avast) or criminals (like those who hacked Facebook in 2018). Whatever the intention, hacking requires deep knowledge of technology and excellent programming skills.

Phishing, on the other hand, is a social engineering technique that tricks people into intentionally disclosing sensitive information. A phishing scam can be simple (like a message with a link that says “look who’s dead”) or complex (like a tech support scam), but always uses some form of electronic communication to trick or defraud people.

More importantly, phishing relies on the victim trusting the scammer and doing something, like clicking on a link or submitting their bank details, so the scammer gets what they want. Unlike hacking, phishing does not require any advanced technical knowledge. 

Types of social media scams

You’re not dreaming – social media scams are on the rise. According to the Federal Trade Commission (FTC), scammers managed to extract a total of $770 million from Americans in 2021. This is almost three times more than in 2020, when they stole $258 million. In fact, social networks have become the most profitable method for scammers. Not only are they cheap, but they offer the first thing a phishing scam needs to succeed: personal information that can be manipulated.

“The reason they target legitimate accounts instead of creating new fake ones is that there is an existing level of trust in the network of friends,” says Jeff Williams, global head of security at Avast. “If you and I are friends on Facebook, for example, and you send me a private message, I naturally assume it’s really from you and it’s not spam. Therefore, I’m much more likely to click on a link.”

What types of social media scams should you watch out for? Here are the main ones.

Direct message (DM) scams

Direct message (DM) scams serve as a vehicle for phishing-based social media scams. The scammers send a direct message containing a link from the account of one of the victim’s friends, with a phrase like “is this a picture of you??” or “look who’s dead”. The link then directs the victim to a fake login page, in order to steal their credentials or ask for money to view the aforementioned image or video. Scammers rely on people’s natural curiosity, and the trust they place in their social media friends, to trick them into mindlessly clicking and sharing private information.

Cryptocurrency scams

Cryptocurrency scams are exploding right now, especially on social media. I have personally seen many stories from friends on Instagram talking about crypto investing – and these are never my friends with technical knowledge. These scams use phishing techniques, usually in the form of a malicious link, to obtain someone’s account credentials and then take control of the account. They then use that account to spam the victim’s friends, and in most cases of fraud I’ve seen, they take over their stories and posts to talk about crypto and spread the scam more widely. The goal is to trick you into “investing” in cryptocurrencies on their fake investment sites or divulging your existing crypto credentials, so they can steal your money.

Romance/catfishing scams

Catfishing and romance scams are, in my opinion, among the most Machiavellian. These scams rely on people’s genuine desires for connection and love to extract money from them. Scammers create fake profiles on social networking sites such as Facebook or Instagram – and, increasingly, on legitimate dating sites – and then make contact with their potential targets. They are very enterprising and manage to establish a romantic and/or sexual connection with their victims, then end up asking them for money for an “urgent” reason. Pay special attention to the rapid rise of crypto-romance scams, which take the old method of catfishing and add an untraceable financial component via crypto-currencies.

Sugar Daddy Scams

Sugar Daddy scams are kind of a cross between romance scams and DM scams. The scammer poses as a rich, older man who wants to pay a young woman (aka the “sugar baby”) for her time. But, surprise! He’s not really a sugar daddy. He asks the young victim to send money (often through gift cards, which are the preferred payment method of online scammers) in order to “validate” their payment information. In the end, it’s the “sugar baby” who pays, not the other way around.

“Who viewed my profile?” scams

You’ve probably seen an advertisement claiming to reveal who has viewed your profile. Do not click on it. These ads are a form of phishing that exploits people’s natural curiosity and vanity. Their sole purpose is to steal your social media credentials in order to either a) gain access to your accounts or b) sell them on the dark web.

False advertisements 

These scams rely on fake advertisements that appear to come from legitimate companies in order to trick people into buying non-existent products. More often than not, people place orders for items that they see advertised online but never receive. These types of fake ad scams accounted for 45% of all social media scam reports in 2021, according to the FTC.

Avast Threat Labs detected a false advertising scam in 2021 that allowed crooks to steal more than $100,000 by the time they were detected. The ads promised Amazon cryptocurrency tokens and managed to convince victims to “invest” in this “opportunity”. 

“Your account has been locked.”

This type of social media scam relies on the kindness and helpfulness of most people. It is usually a DM from someone claiming their account has been locked and they need help accessing it. The person asks you to click on a link in order to recover their password, but this link is malicious. Clicking it means that you will receive malware on your device or that you will be redirected to a site that asks you to enter valuable information (login credentials or bank details) so that it can be stolen.

“Help me please” scams

There will always be crooks who will take advantage of tragic situations. This is particularly the case with the current war in Ukraine. Avast security experts very quickly detected scammers on social networks claiming to be Ukrainians in need and asking for money in the form of cryptocurrencies. 

Another version of “Help me please” is a scam commonly known as the “grandparents scam”. In this case, a scammer pretends to be a victim’s grandson or granddaughter and pretends to be in dire straits – like being stuck in a foreign country or arrested – and needs immediate financial assistance. These scammers take advantage of a person’s love for their grandson or granddaughter and their desire to protect them, which is quite a heinous move.

How to avoid getting hacked on Facebook or other social media

Do not click on links

Especially if they look unusual! Ask yourself the following questions: Would your friend actually send a link on this topic? And if they sent you a link, would that link be shortened? Typically, scammers run their links through a link shortener to disguise the real destination. So if the link looks weird, it’s probably a phishing link.
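The checks above (a shortened link, a lure phrase such as “look who’s dead”, a login page that is not on the real site) can be automated. The following Python sketch is an added example, not part of the original article; the shortener list, the official-host list and the sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Small illustrative sample of public link-shortener hosts (not exhaustive).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "ow.ly"}
# Lure phrases quoted in this article.
LURES = ("is this a picture of you", "look who's dead")
# Hosts where a Facebook login form is expected (assumption for this example).
OFFICIAL_HOSTS = {"facebook.com", "www.facebook.com", "m.facebook.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def triage_message(text):
    """Return a sorted list of reasons a direct message looks like phishing."""
    reasons = set()
    lowered = text.lower().replace("\u2019", "'")  # normalise curly apostrophes
    if any(lure in lowered for lure in LURES):
        reasons.add("lure-phrase")
    for url in URL_RE.findall(text):
        try:
            parts = urlsplit(url.rstrip(".,!?)"))
        except ValueError:  # malformed URL: treat as suspicious, keep going
            reasons.add("malformed-url")
            continue
        host = (parts.hostname or "").lower()
        if host in SHORTENERS:
            reasons.add("shortened-link")  # real destination is hidden
        # Brand name or "login" in the URL, but not served by an official host.
        brandish = "facebook" in host or "login" in (host + parts.path).lower()
        if brandish and host not in OFFICIAL_HOSTS:
            reasons.add("lookalike-login")
        if parts.username is not None:
            reasons.add("userinfo-in-url")  # text before "@" is not the host
    return sorted(reasons)


# Constructed sample messages; none of these were observed in the wild.
SAMPLES = [
    "is this a picture of you?? https://bit.ly/3xAbCdE",
    "Look who\u2019s dead https://faceb00k-login.example/verify",
    "Lunch on Friday? Menu: https://www.facebook.com/events/123",
    "Help me unlock my account https://www.facebook.com@evil.example/login",
]

if __name__ == "__main__":
    for message in SAMPLES:
        print(triage_message(message), "<-", message)
```

An empty list only means none of these specific indicators matched; a flagged shortened link still has to be expanded safely before its destination can be judged.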

Beware of unsolicited messages

If someone you haven’t spoken to in years — or don’t even know — sends you a random message, you should automatically be suspicious. Of course, we’re not claiming that anyone who contacts you on social media is suspicious. But trust is something you earn, so don’t assume that just being “friends” online means you’re actually texting with your friend.

Enable MFA everywhere

Multi-Factor Authentication (MFA) is a security measure that requires you to do at least two things to sign in to an account. For example, your Gmail account on your computer might ask you to enter your password and then open the Google Photos app on your phone to confirm that it’s really you trying to sign in. The idea is to prevent someone who has gained access to your password – for example through a social media scam – from hacking into your account. And since data breaches happen all the time, MFA is critical to security today.

Have good password habits 

Speaking of passwords, you know the rules by now: Use different, unique passwords (or passphrases) for each account. Then, use a password manager to keep track of them. Change your passwords regularly. And don’t tell anyone! Your passwords are for you only.

Use an ad blocker

Because scammers use fake advertisements, among other things, to defraud people on social networks, install an ad blocker. It will stop you from seeing the ads, which means you won’t be tempted to click on them. Problem solved!

Be sure to use anti-virus software

Good antivirus software will protect you against all kinds of attacks, including social media scams. Buy it, install it and activate it. It’s a bit like personal anti-fraud protection.

I got hacked on social media! What to do?

If you’ve ever been the target of a scammer on social media, don’t panic! There are steps you can take to secure your account (and your money) from future attacks. 

First, you must immediately change your password. If you decide not to change it, scammers could continue to hack into your account and spam your friends, or even lock you out of it.

Then, take stock of your accounts: Have you used this password on other sites? If so, you need to change it on those sites as well. Scammers could sell your data, which could allow other criminals to access your other accounts if you have reused passwords.

Once you have regained control of your account, publish a short post to let everyone know what happened. It is likely that several of your friends have already clicked on a fraudulent link from “you”, but it is better to warn others, just in case. And also apologize to friends who clicked. It’s the nice thing to do!

If you’ve lost control of your accounts, most social media services now offer a process to “recover your account.” It’ll probably be tedious, but it’s worth it to stop the scammers from impersonating you and probably going after your friends.

Social media scams are just one way cybercriminals are trying to defraud people today. Be careful, always be a little suspicious and remember: Do not click on the links!

Credits for this article: Avast Blog
