How to protect your social media accounts from fraud
Social media presents a trove of personal information and contacts that criminals can exploit to commit fraud. Reduce the risk with these expert tips.
By now, just about every social media user has encountered a situation where a friend’s or associate’s account has been compromised. The user may have warned their contacts not to respond to invitations from people impersonating them. You personally may have received an invitation to connect with somebody already in your list of contacts or, worse, been hacked or impersonated yourself.
What is the game here? What are fraud artists trying to accomplish?
“The premise of social media is that you’re creating and keeping in touch with a circle of trusted contacts,” says Julie Kuzmic, senior compliance officer, consumer advocacy at Equifax Canada. “Your network of contacts is valuable to criminals.”
Social media fraud typically takes one of three forms:
“I’ve seen situations where somebody starts a conversation as if the recipient already knows them. That person may say, ‘You’ve got the wrong person,’ to which the fraudster responds, ‘Oh, my apologies for making a silly mistake,’” Kuzmic says. That interaction can serve as a foot in the door with an account holder who may be lonely or perceive that they have something in common with the person who initiated the exchange.
“That seemingly harmless interaction can build over time,” Kuzmic says. “It might be a multi-step process that the fraudster will nurture along to build trust.”
The fraud artist may start by sharing legitimate information about a great deal on a product on sale. Only later, once a level of trust has built up, they might suggest going in on an investment together or otherwise creating a scenario where they can separate the target from their money.
When criminals take over an account or impersonate a social media user, they often try to recruit more victims. They may also reach out to the user’s contacts, who—because they trust their friends—may be more likely to respond. Contacts may also be reassured by the number of other acquaintances they have in common.
“It turns into a kind of higher-percentage phishing scam,” Kuzmic says.
The doors left unlocked to criminals using social media can include easy-to-guess passwords, open privacy settings, and corroborating personal information obtained from other sources.
For social media users, the best defence against being defrauded includes:
Kuzmic notes that simply accepting an invitation usually won’t, in itself, put you in danger. It’s what happens next—fraudsters may ask for help with a financial shortfall, for example.
“Any time a sense of urgency is attached to the request, that’s a red flag,” she says. “Remember, you can always verify whether a request is genuine; for example, contact the person by phone, via email, or on another social network.”
If you think your account has been compromised, contact the social network and follow its recovery protocol. Also alert people on your contact list, preferably through other media, to warn them against approaches by people who claim to be you.
If you think your account has been compromised, contact the social network and follow its recovery protocol. Also alert people on your contact list, preferably through other media, to warn them against approaches by people who claim to be you.
