As we spend more time than ever before on our devices, most people are aware of the many scams that exist on the internet now. It’s tough to simply look at your emails without noticing several phishing emails sitting in your inbox, and those are just the obvious ones! Then there are the “We need you to update your account info, just click the link below” emails. It can even go deeper, with hackers physically talking with you or conning you into giving them information you shouldn’t. Lately, the largest influx of scams has come from social media. As of right now, it is estimated that worldwide social media users total 3.8 billion. That is a lot of people to target.
Fake Facebook Profiles
Facebook saw a lot of scrutiny lately revolving around Russian meddling in the 2016 election. Not only did they find literally millions of fake Facebook accounts, but they also found that there were Facebook ads created to sway American voters. This is a perfect example of the new age of social engineering. All of this comes from profiles that look legitimate on the outside, but once you do a little digging you can quickly tell the difference. In 2019, Facebook shut down over five billion fake accounts!
The same principles go for the advertisements. They look as though they are from a real company or person; the ad even says “Sponsored,” like regular Facebook ad content. But when you click on it, you can either infect your computer with malware or unknowingly give away your login info.
Another example of social engineering via Facebook ads was back in 2011 after Steve Jobs passed away. A fake Facebook ad claimed that Apple was giving away iPads in honor of his passing. Well, that ad went viral and thousands of people clicked on the link, which in turn infected their computers and devices. As people become more desperate for stimulus checks and businesses continue to seek out various relief options, you can believe cyber criminals will again come up with every trick in the book to try to scam you.
Social engineering has gotten more complicated with minimally invested profiles (MIPs) and fully invested profiles (FIPs), found mostly on Facebook and LinkedIn. MIPs are created in bulk. They usually have very little original content on them, and a sexy or provocative photo is usually used as the main profile picture. They then solicit friend requests in hopes that certain users won’t look into the profile and will simply add them. The goal is to eventually be able to send you malware via Facebook or LinkedIn messenger, as well as to post on someone’s Facebook timeline.
FIPs take a little more time and effort to create. However, they are more efficient because they really look the part. To an untrained eye, a profile like this could pass as an acquaintance. The best way to crack this mystery profile is by looking at their friends and the content on their wall. If both of these raise even one red flag, it’s likely a fake profile. FIPs are intended to target a specific person or a vertical in an industry. This can usually be seen once you look into mutual friends or even do a reverse image search.
These are just a few of the main ways that social engineers are using social media to target people. Always be diligent and aware of your internet surroundings. If that’s tough, make sure your firewall and antivirus are up to par! Don’t let a social engineer manipulate you into surrendering your information.