How To Spot Social Media Phishing Requests
We all like to think we’re savvy, but even the most cautious of us have nearly been duped by these social-media-based phishing scams, and they’re getting more sophisticated and official-looking than ever before.
If you’ve heard the term ‘phishing’ but don’t know what it is: essentially, it’s when a person or group attempts to get you to divulge personal information to them (via emails, tweets, posts etc.) while pretending to be an official business or reputable person. They’ll then use that information to commit financial or identity fraud. Whatever form these phishing attempts take, all of them will try to play on your fears about safety or trust, and almost all will require ‘immediate action’ from you.
The most common examples of phishing are:
• In-account DMs, new follower or link-clicking requests – these appear directly in your social account feed, are targeted and are generally trying to entice you to click the link/image/video contained in them or get you to call a telephone number. Beware though: if you click the link in these you could be making your account vulnerable.
• Connection request emails – these are predominantly associated with LinkedIn.
• Account Suspended / Security Warning emails – these can pretend to be from the social networks and claim to be notifying you that there’s an issue with your account and that you need to log in to your account via the link in the email to confirm your details. Remember, no reputable social platform will ever ask you for your password details or credit card details, so proceed with caution.
So, what should you do or look out for?
1. Don’t click on links in posts, tweets or DMs unless you’re 100% sure they are genuine. If it’s just a link, don’t click it. If it’s from a person you seemingly recognise (e.g. a follower) but it’s unusual for them to contact you in this way, contact them via other means to confirm they sent it.
2. If it’s an unusual connection request, check within the platform whether you even know the person and whether you actually have any shared connections/followers. Remember, don’t go via the connection request itself but via the social platform.
3. If in any doubt about the post, tweet or DM, check out the user’s profile – this will generally flag up any concerns. Check their feed and followers.
4. If you’re sent a suspicious email, never click on a link in it without first looking closely at the following:
• Does the ‘from’ email address look like it’s actually from the social platform, e.g. @twitter.com? Check the header information and hover over it to reveal the real email address.
• Does the email address you by name?
• If you’re on a desktop PC, hover over the ‘call to action’ button/link (they’ll all have one). Look at the URL displayed – generally these will bear no resemblance to the real network. Hover over the link and refer to the status bar at the bottom of your browser window to make sure the link actually goes to the place shown in the email.
5. If you’ve had an ‘account suspended’ email or similar type of email, take a step back and consider if the social platform would actually contact you in this manner. If in doubt, go to the social platform’s website and check out how they would contact you. All social platforms would have these details. You can get further information on how the platforms would contact you from the following urls:
6. You might have ignored these requests in the past but try to add a second contact option for the social platform to contact you by. Adding an alternative email or telephone number to your account will allow you to quickly and easily update/revise your login details yourself if you’ve just forgotten your password or you’re concerned about security. You’d be surprised to find out how difficult it can be to update your password or retrieve it without this second communication option!
What to do if you suspect a phishing scam
1. Do NOT enter into any form of communication with the supposed sender of the phishing scam.
2. Report it directly to the social network via their reporting steps or via the app itself.
3. Remove or block the connection.
4. If you feel your account could have been compromised, immediately change your password details and, if available, enable two-step authentication.
5. If you think you’ve been financially scammed, report it to Action Fraud, the UK’s national fraud reporting centre: http://www.actionfraud.police.uk/ Their website has lots of advice and details on the latest scams to be wary of.
Obviously, this article has only touched the surface of social media phishing but hopefully it has opened your eyes to just being a bit more careful on your social platforms.