Social Media Scams- Surveys & Questionnaires are not just fun for you and your friends, it's like hitting the jackpot for scammers.
Cybercriminals go where the numbers are, and that includes popular social media sites. They all have one thing in common: they want something from you and they are trying to get it by using social media to manipulate and deceive you.
All-important security questions
Security questions, or Knowledge-Based Authentication (KBA), are the personalized questions, like ‘What’s the name of your first pet?’ or ‘What street did you grow up on?’ that you set up on secure websites to help verify it is really you logging in. These questions are to help prevent ID theft and fraud.
To be safe online, don’t choose the same common security questions and password options that everyone else does. If your security questions are devised well from the start, you won’t have to worry as much about accidentally giving away personal information to potential hackers. Topics to avoid include:
- Favorite foods or colors
- Vehicle make and model
- Birthdays and important dates
- Family members’ names
- School name and location
- First job
Some items could potentially change over time, and the rest are likely easily discovered simply by perusing a target’s Facebook news feed, or postings on other social media sites.
When setting up your security questions, it’s best to draw on something more obscure: “What was the last name of your third-grade teacher?” or “What was the name of the boy or girl with whom you had your second kiss?” The answers to these questions should be easy enough to recall when needed, but are not likely to be found anywhere on a social media news feed.
With increasing numbers of people using the internet to share life moments on social media, experts are finding online users over-sharing key data points to their online financial information as well.
With just a little bit of information obtained through online searches and social engineering, people can find out other things about you and keep building on it. It only takes one seemingly small piece of personal information to leave you vulnerable, even basic information like names and addresses. These tiny bytes of data can be built upon until a hacker has a pretty good array of information to work with.
Keep it to yourself
Seemingly innocent Facebook posts have gone viral. For example, to partake in the fun, users simply the names of 10 musical events/concerts they had attended at some point in their lives. Nine of those concerts were to be true, and one was supposed to be a lie. Once posted, friends could comment on which concert they believed to be false.
The problem with the “10 Concerts I’ve Been To, One Is A Lie” post is that it provided a wealth of information hackers could use to log into personal accounts or steal the identities of unsuspecting Facebook users. Privacy experts caution that the “10 Concerts” post could reveal too much about a person’s background and preferences. The first concert you attended might be a security question you’re asked on a banking, brokerage, or similar website to verify your identity. The lesson here is to safeguard information about you, even though it may seem inconsequential.
Beware of surveys
Cut-and-paste social media surveys have been popular for some time now. Typically, a user will copy a question or list of questions from a friend’s status or a Facebook page, paste it in his or her own status box, and replace the previous user’s answers. Many such surveys contain questions that could easily reveal information used in KBA security questions.
For instance, a Facebook status survey by Status Games includes such questions as:
- Who was the last person you texted?
- Where was your profile picture taken?
- Have you ever lost a friend?
- What song did you listen to last?
- What’s your relationship status?
- How many siblings do you have?
- What are your brothers’ or sisters’ names?
You can see how answers to these and other seemingly innocent questions can provide a vast amount of information from which a hacker could derive or guess the answers to security questions. Some can even divulge the schedules and habits of targets (for example, when they are home, if they live alone, when they go to work).
Bottom line: Don’t let your guard down. Sites that attract a significant number of visitors are going to lure in a criminal elements so be sure to protect your personal information anytime you’re online, even if it seems like harmless fun.
Text Message Scams & Robocalls
As the novel coronavirus (COVID-19) pandemic continues to impact the United States, phone scammers have seized the opportunity to prey on consumers.
The FCC has received reports of scam and hoax text message campaigns and scam robocalls offering free home testing kits, promoting bogus cures, selling health insurance and preying on virus-related fears.
A text message scam may falsely advertise a cure or an offer to be tested for coronavirus. Do not click on links in texts related to the virus, and check cdc.gov/coronavirus for the most current information.
Text message hoaxes may claim that the government will order a mandatory national two-week quarantine, or instruct you to go out and stock up on supplies. The messages can appear to be from a "next door neighbor." The National Security Council tweeted that these are fake.
A text message scam impersonating the U.S. Department of Health and Human Services informs recipients that they must take a "mandatory online COVID-19 test" with a link, warns the BBB.
Scammers are also using robocalls to target consumers during this national emergency.
For example, the World Health Organization recently issued a warning about criminals seeking to take advantage of the pandemic to steal money or sensitive personal information from consumers. It urges people to be wary of phone calls and text messages that purport to be from the WHO, or charity organizations, asking for account information or for money.
The FCC has received reports of robocalls purporting to offer free virus test kits, in an effort to collect consumers' personal and health insurance information. One pernicious version of this scam is targeting higher risk individuals with diabetes, offering a free COVID-19 testing kit along with a free diabetic monitor. Other robocalls are marketing fake cures and asking for payment over the phone.
The Federal Trade Commission and the U.S. Food & Drug Administration have posted consumer warnings about fake websites and phishing emails used to promote bogus products.
Opportunists are also making robocalls to offer HVAC duct cleaning as a way to "protect" your home and family from the virus.
Fraudsters are also preying on financial fears tied to the pandemic. The FCC is aware of robocall scams with COVID-19 themed work-from-home opportunities, student loan repayment plans, and debt consolidation offers. Consumers aren't the only target. Small businesses are also getting scam calls about virus-related funding or loans and online listing verification.
Many consumers will receive checks as part of the federal government response to the coronavirus. No one will call or text you to verify your personal information or bank account details in order to "release" the funds. The Treasury Department expects most people to receive their payments via direct-deposit information that the department has on file from prior tax filings.
If you think you've been a victim of a coronavirus scam, contact law enforcement immediately.
The FCC offers the following tips to help you protect yourself from scams, including coronavirus scams:
- Do not respond to calls or texts from unknown numbers, or any others that appear suspicious.
- Never share your personal or financial information via email, text messages, or over the phone.
- Be cautious if you’re being pressured to share any information or make a payment immediately.
- Scammers often spoof phone numbers to trick you into answering or responding. Remember that government agencies will never call you to ask for personal information or money.
- Do not click any links in a text message. If a friend sends you a text with a suspicious link that seems out of character, call them to make sure they weren't hacked.
- Always check on a charity (for example, by calling or looking at its actual website) before donating. (Learn more about charity scams.)
For more information about scam calls and texts, visit the FCC Consumer Help Center and the FCC Scam Glossary. You can also file a complaint about such scams at fcc.gov/complaints.
Check this page often for updates on COVID-19 related scams.