Any veteran of social media has at one time or another put face to palm on seeing another one of their contacts trying to distribute yet another scam through their profile. There is no escaping it. Whether it’s a third-party application that promises free coupons or a tweet promising a free iPad, illegitimate offers wanting your PII (Personally Identifiable Information) are everywhere. If this were 10 years ago, you would hear me complaining about e-mail or IM spam. Sure, these spam attempts still happen, but they are broad attacks at best. E-mail or IM spam doesn’t even know your gender most of the time, let alone what demographic you may fall under. That’s what makes social media spam such a lucrative trade. Never before have people been so compelled to give away so much information about themselves. The content that we end up posting on social network sites is so descriptive of our personal lives that even corporations are asking for your content during the interview process.
It’s not difficult to tell if someone close to you has been hit by a spam attack. If their profile has been hijacked, then you can expect to see the same message sent to several friends – always with a shortened URL link. Your best defense is to be wary of links that you receive, even if they are from trusted sources. You should also take a moment to explore what privacy settings you already have in place. The goal should be to make sure that your information is not accessible without your explicit knowledge.
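The hijacked-profile pattern described above (one message repeated to several friends, each copy carrying a shortened link) can be checked mechanically. The following is an added example, not code from the original post; the shortener list, the message tuple layout and the sample feed are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Assumed list of shortener hosts; extend it for your own environment.
SHORTENERS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com", "ow.ly", "is.gd"}
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def short_links(text):
    """Return the URLs in text whose host is a known shortener."""
    hits = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,!?)")  # drop trailing sentence punctuation
        host = (urlparse(url).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        if host in SHORTENERS:
            hits.append(url)
    return hits


def fingerprint(text):
    """Normalize a message so per-recipient variations compare equal."""
    text = URL_RE.sub("<url>", text.lower())   # each copy may use a new link
    text = re.sub(r"@\w+", "<name>", text)     # each copy names its recipient
    return " ".join(text.split())              # collapse whitespace


def find_hijack_patterns(messages, min_recipients=3):
    """Flag senders who sent one short-link message to many friends."""
    groups = defaultdict(set)
    for sender, recipient, text in messages:
        if short_links(text):
            groups[(sender, fingerprint(text))].add(recipient)
    return {key: sorted(rcpts) for key, rcpts in groups.items()
            if len(rcpts) >= min_recipients}


# Constructed sample feed: (sender, recipient, message text).
SAMPLE = [
    ("dana", "alex", "@alex OMG is this you in this pic?? http://bit.ly/EXAMPLE1"),
    ("dana", "briar", "@briar OMG is this you in this pic?? http://bit.ly/EXAMPLE2"),
    ("dana", "casey", "@casey omg is this you in this pic??  http://bit.ly/EXAMPLE3"),
    ("dana", "alex", "Lunch on Friday?"),
    ("eli", "alex", "Slides from the talk: http://tinyurl.com/EXAMPLE4"),
    ("eli", "briar", "Here is the article https://example.com/long/path"),
]

if __name__ == "__main__":
    for (sender, text), rcpts in find_hijack_patterns(SAMPLE).items():
        print(f"{sender}: {text!r} -> {rcpts}")
```

A single short link sent to one friend is not flagged; only the repeated message across several recipients is, which keeps ordinary link sharing out of the results.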
Spammers are able to find you and send targeted attacks if you share all of your information with the open web. Any kind of application that you use to access a social network is acting as the middleman for your data. This usually means that you are allowing them access to your data in exchange for their ‘free’ service. What they do with that information after they provide their service is up to them.
Before you click that link, be more skeptical. Does this person really want to give me free money? Unfortunately, we don’t live in that kind of world. The more likely answer is that they are looking to sell your information to advertisers for other scam attempts. I could be wrong of course. A smartly-dressed woman could always show up in a diamond-crusted Bentley with $500 and a promise of a new monetary system that will work out in my favor.
Let’s use a recent scam example seen on Facebook. A common attack method on Facebook is to create a third-party application that immediately redirects the user away from Facebook. This could be as harmless as trying to build SEO tracking to a site, or it could be propagating something malicious to your PC. In this case, it’s just a scam to get more traffic to a site selling shoes. It starts as most of these scam attacks start: a buddy clicked something they should not have and now a third-party application on Facebook is posting messages as them. To make sure that their friends view the content, they tag them in a picture.
Now they’ve got you on the hook. If you happen to click that link, you are navigated first to a Facebook Application page that only redirects to a site not belonging to Facebook.
Applications like this one are a dime a dozen. Facebook has taken heat in the past for allowing this kind of activity. This is an unavoidable side effect whenever you provide an open web platform for users to create their own applications. Facebook deletes the malicious ones, but they haven’t done an outstanding job of policing these in the past. In this case, the user is immediately taken to a blogger page that looks like this:
There are a few tools that you can use in your browser to make sure your exchanges on social media are kept as private as possible. I recommend Ghostery for detecting any invisible trackers that exist on most web pages. These are usually advertisers trying to capitalize on your digital presence. Unless you intend to read a 30-page EULA describing what they are allowed to do with your data afterwards, just block them. Another useful tool is called LongURL. This allows you to see where a shortened link leads before you click it. It will also help you avoid getting hit by that one friend who is always rickrolling people.