Scams initiated via social media platforms such as Facebook or LinkedIn are an increasing threat and are nothing to “LOL” about. They are far from isolated to a person’s smartphone or home computer away from the office: small businesses increasingly use these platforms as a marketing and client engagement tool, and it is also common to use a company laptop for both work and personal use. This makes it easy for one click on a link that appeared to be a legitimate message from someone you know to spell disaster that easily spreads to your friends and family or, worse, across your company servers. This month alone, I have seen a significant increase in scams that appear alarmingly legitimate, so I wanted to “Like and Share” awareness of this issue.
LinkedIn “You appeared in x searches” emails
Emails that appear to be from LinkedIn have been particularly concerning, as they look almost identical to the real thing and LinkedIn tends to be viewed as a more trusted source than Facebook. Below are two versions of “You appeared in x number of searches this week”: one is legitimate and one is a scam. Try to spot the differences before I detail them next. Note that the snippets are from my Inbox; such emails should never be opened, so they must be identified as they appear in your Inbox.
Legitimate LinkedIn email:
Both appear to be from LinkedIn, but only one actually is. Notice where I mouse over the address to reveal the actual sender’s address, which has nothing to do with LinkedIn. This is known as “spoofing”, where someone applies a fictitious name to appear in place of the actual sender’s address. The second way to identify this email as illegitimate is the use of my email address instead of my actual name in the first line: the scammer does not know my real name, which the real email uses, and so must insert something else. Last, the plural of search(es) is missing. We all have that one person in the office who feels it necessary to correct everyone’s grammar and spelling, right? When identifying email scams, be that person, as most scam emails that otherwise look legitimate will have a minor grammar or spelling mistake, since they often originate from non-English-speaking countries.
At a glance, the emails appear quite similar. I opened the scam email on an old smartphone (NEVER actually do this) and the email appeared just like the real one, although I suspect the links it contained are malicious. To the casual user, the scam email could easily be mistaken for a legitimate one. Scary indeed!
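The three tells described above (a display name that does not match the real sender address, a greeting that uses your email address, and the missing plural) can also be checked mechanically, for example by a mail filter. The following is an added example, not part of the original article; the sample messages, the addresses in them and the LinkedIn domain allowlist are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the brand really sends from; adjust to your own allowlist.
BRAND_DOMAINS = {"linkedin": {"linkedin.com"}}

# Constructed sample messages (not real emails).
LEGIT = ("From: LinkedIn <notifications@linkedin.com>\n"
         "To: pat@example.com\n\n"
         "Pat Example, you appeared in 9 searches this week\n")
SCAM = ("From: LinkedIn <promo@mailer.example.net>\n"
        "To: pat@example.com\n\n"
        "pat@example.com, you appeared in 4 search this week\n")

def domain_matches(addr_domain, allowed):
    """True if addr_domain is an allowed domain or a subdomain of one."""
    return any(addr_domain == d or addr_domain.endswith("." + d) for d in allowed)

def check_message(raw, recipient):
    """Return the warning signs found in one raw message, in check order."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload().strip()
    findings = []
    # Sign 1: the display name claims a brand but the real address is elsewhere.
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() and not domain_matches(domain, allowed):
            findings.append("display-name-mismatch")
    # Sign 2: the greeting line uses the recipient's address instead of a name.
    first_line = body.splitlines()[0] if body else ""
    if recipient.lower() in first_line.lower():
        findings.append("greeting-uses-email-address")
    # Sign 3: singular "search" after a count other than 1.
    m = re.search(r"appeared in (\d+) search\b", body, re.I)
    if m and int(m.group(1)) != 1:
        findings.append("missing-plural")
    return findings

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("scam", SCAM)):
        print(name, check_message(raw, "pat@example.com"))
```

A clean result is not proof of legitimacy: the From address itself can be forged, so the SPF/DKIM/DMARC verdicts in the Authentication-Results header are the stronger signal.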
Like Farming: There are two common types of Facebook scams. The first is Like, Farming? Or rather, “Like Farming”, which may not sound familiar (and, as you might expect, has nothing to do with agriculture). What if I instead said “Like and Share”? Immediately that heart-wrenching picture someone shared earlier in the day that said “can this person/picture get a LIKE and SHARE?” would come to mind. Sadly, chances are such a post is being used only to gain as many Likes and Shares as possible and will at some point be used in one of the following ways: the link contained in the post is later changed to direct to something nefarious or a product for sale; the entire post is changed to a solicitation (think Ray-Ban, vacation giveaways); or a marketing list with the names of all those who Liked/Shared is compiled. It only takes a snippet of your personal information for an experienced data miner to “triangulate” it with other personal information, and they will then have enough to market their product to you directly via Facebook ads, email, regular mail, or over the phone.
How does this happen? Let’s say I’m trying to generate leads for a company that offers mortgages to veterans, so I start a “Like and Share” campaign with a picture that would evoke an emotional response from a veteran, perhaps a picture of a wounded soldier. Whenever you “Like”, I get your name; when you “Share”, you further propagate my campaign. Before long, I have a list of qualified leads that YOU helped me achieve. To make matters worse, the person in the picture often does not know their picture is even being used nefariously. I’ve read about numerous instances where a person’s picture was copied without their knowledge, and the actual person only found out later that it was used for such a purpose when someone recognized them and accused them of defrauding others.
Think about it: We all have friends/family who are constantly posting agenda-driven content. Has anyone you know ever put specific instructions to “Like and Share” in their post that wasn’t already a repost?
Alter Ego: The second common Facebook scam is what I informally termed the “Alter Ego”. You may have seen people post recently, “if anyone receives a friend request from me, delete it!”. Now think back to what I said about using copies of your pictures without your knowledge. Scammers can build a fake profile of you, then start trying to “Friend” your own friends as if the scammer were you, then start posting links on your friends’ walls or messaging them directly with more junk. These links can lead to anything from sites that market their products, to automation that will message more junk to your friends from your account, to malware that infects your system and can render your computer and files unusable, which may extend to your company’s network. One very common example is a message received from someone you know who has clicked on such a link: it is simply an emoji followed by what appears to be a YouTube link (it’s not).
My hope is that what you’ve read here enables you to avoid falling victim to a scam; however, if you have questions or find yourself in the unfortunate position of your computer or network being compromised, Systemadix is available to assist.