Social media platforms like Meta, formerly known as Facebook, have become a gold mine for phishing scams that target ordinary people and trick them into giving up their personal and financial information. These scams often use fake profiles, messages, and ads that impersonate celebrities, influencers, or friends to lure unsuspecting victims into clicking on malicious links or downloading malware.
According to a report by the cybersecurity firm Proofpoint, phishing attacks on social media increased by 74% in the first half of 2023, compared to the same period in 2022. The report also found that Meta was the most popular platform for phishing, accounting for 61% of all social media phishing attacks.
One of the most common types of phishing scams on Meta is the celebrity impersonation scam, where scammers create fake profiles or pages that mimic the appearance and name of a famous person, such as an actor, musician, or athlete. The scammers then use these profiles to send direct messages or post comments to their followers, offering them various rewards or opportunities, such as free gift cards, concert tickets, or charity donations. However, in order to claim these rewards or opportunities, the victims are asked to click on a link that leads them to a fake website that asks them to enter their personal or financial information, such as their name, address, credit card number, or social security number. Alternatively, the link may download malware onto their device that can steal their data or lock their files until they pay a ransom.
Another common type of phishing scam on Meta is the friend impersonation scam, where scammers hack into the accounts of real users and use them to send messages or post comments to their friends, asking them for help or money. For example, the scammers may claim that they are stranded in a foreign country and need money to return home, or that they have a medical emergency and need money for treatment. The scammers then ask their friends to send them money through a wire transfer service or a cryptocurrency wallet, or to click on a link that leads them to a fake website that asks them for their personal or financial information.
These phishing scams can cause significant losses and damages to the victims, who may not only lose their money, but also their identity and privacy. According to the Federal Trade Commission (FTC), consumers reported losing more than $3 billion to fraud in 2022, and more than $1.2 billion of that amount was lost to imposter scams, which include phishing scams.
We advise users to be vigilant and cautious when using social media platforms like Meta. Here are some tips to avoid falling victim to phishing scams:
- Do not trust any message or comment that offers you something too good to be true, such as free money or prizes. If it sounds too good to be true, it probably is.
- Do not click on any link or attachment that you receive from someone you do not know or trust, or that looks suspicious or unusual. If you are not sure about the legitimacy of a link or attachment, do not open it.
- Do not provide any personal or financial information to anyone who contacts you online, unless you have verified their identity and authenticity. If someone claims to be a celebrity, an influencer, a friend, or a representative of a company or organization, do not take their word for it. Check their profile for signs of verification, such as a blue check mark next to their name. Also check their URL for signs of spoofing, such as misspellings or extra characters. If you are still unsure, contact them through another channel, such as phone or email.
- Do not send any money to anyone who asks you for help online, unless you have verified their identity and authenticity. If someone claims to be in trouble and needs your help urgently, do not panic or act impulsively. Ask them for proof of their situation and identity. Also ask them why they cannot contact anyone else who is closer to them or more capable of helping them. If they refuse to provide any proof or explanation, do not send them any money.
- Use strong passwords and multi-factor authentication for your online accounts. This can help prevent hackers from accessing your accounts and using them for phishing scams. Also change your passwords regularly and do not use the same password for multiple accounts.
- Use antivirus software and firewall on your devices. This can help protect your devices from malware and other threats that may come from phishing links or attachments.
- Report any suspicious activity or scam attempt to the platform and the authorities. If you encounter any message or comment that looks like a phishing scam on Meta or any other social media platform, do not respond to it. Instead, report it to the platform using the report feature. You can also report it to the FTC at [ReportFraud.ftc.gov] or call 1-877-FTC-HELP (1-877-382-4357). This can help stop the scammers from harming more people and bring them to justice.