As a CERTIFIED FINANCIAL PLANNER and financial coach, informing clients and the public about financial scams is just a part of what I do. While I wish that scams weren't so prevalent, there are always people looking to take advantage of others. Their end goal typically has something to do with money. As with most things, being informed is the best way to combat scams and protect yourself from falling victim to them. Online scams have become all the rage in the digital world, and they're all over the place. Whether you're on Facebook, Twitter, or various other social media sites, you're likely to run across some form of online scam.
It's easy for many of us (especially those who are less involved in technology) to believe scams to be overly elaborate hacking schemes carried out by governments or knowledgeable hackers. However, most hacking, scams, theft are carried out by various forms of social engineering. What's social engineering? According to Norton Antivirus's website, "Social engineering is the act of tricking someone into divulging information or taking action, usually through technology. The idea behind social engineering is to take advantage of a potential victim's natural tendencies and emotional reactions."
While practices and social engineering methods can vary in elaborate and sophistication, they're often as simple as tricking someone into sharing a tidbit of information about themselves that seems to be insignificant at the time.
One reason that it's challenging to protect yourself and others against online scams, like those found on Facebook, is because fraudsters, hackers, and social engineers never stop adapting. It's impossible to accurately predict what "the next" Facebook or social media scam might be; however, being familiar with existing scams does two things. For starters, being familiar with existing scams stops us from falling victim to current tactics. If nothing else, this is a good starting point for protecting ourselves and our livelihood/identity. Secondly, being familiar with existing scams helps us identify what to look for in emerging scams.
Facebook scams could be as innocuous as comments on a post or a direct message from a friend. They could also be present in trends, like quizzes or "Copy & Paste" posts. It's essential to keep in mind that these scams are most often geared at acquiring our passwords or answers to our security questions.
One battle that Facebook has been battling for some time is advertising scams. Scams like these usually "offer" some benefit of inputting your information to a form or link to a malicious website. Though they've done a decent job at limiting the number of fake advertisements and sponsored posts, it's nearly impossible to eliminate them entirely. These are especially heinous because they seem like a regular advertisement (though they may not be sponsored at all).
Some Common Facebook Scams
Facebook and social media scams come in many forms. To some, scams may be difficult to identify, while others may pick up on them right away. As I mentioned, the best way to avoid scams is by being informed of existing ones. These are some of the most common scams that users fall victim to online.
Random messages from friends may include links or ask you for information. Sometimes hackers gain access to other user's accounts and use them to spread viruses or gather information. While our direct messages are secure most of the time, you should be sure that you're clicking on a real link. Don't click on links that are to websites you don't recognize. Hackers are sophisticated; because of this, they'll often make it appear that a link's preview isn't loading; this is another way they "socially engineer" people to click. Suppose your Facebook friend messages you asking you for personal information. In that case, you should always double-check by calling, texting, or asking them in person (but it's best to not share personal information online at all).
Duplicating accounts is another way that scammers may try to get information. If your friend has accepted a request from someone they don't know or has a publicly open profile, someone else could copy their pictures and profiles and friend request their Facebook friends. After doing so, they may begin messaging their friends' links, asking for information, or posting links to malicious websites. If you get a friend request from someone you're already friends with, be sure to ask them via text, phone call, or in-person whether the new profile is really them. If it's a fake account, be sure to report it by navigating to their profile and clicking "Find support or report profile."
Sketchy businesses may use Facebook pages to link to their website, offering free trials in exchange for your information. Be sure that you're careful what information you share with businesses online because it's effortless to create a seemingly legitimate business. Off of Facebook, they could ask you for information that may jeopardize your account by prompting you to create a profile, fill out a form, or visit a website.
Copy & Paste scams are all over Facebook. While most of these are innocent, some are ploys to obtain answers to commonly used security questions. If you enjoy filling out these, be sure that you're aware of your security questions and leave the answers to those blank. Be sure to limit who you share information with because while the answers may not be your Facebook security question answers, they could be for other websites - like financial institutions or email addresses.
"Is This You?" scams act on our instinct for self-preservation by tricking you into believing you're clicking a link to a video of yourself. In reality, these links are most often to malicious websites meant to install a virus onto your computer or skim information from your web browser. These were mostly sent as direct messages; however, in recent years, they've been circulating as public posts. By posting publicly, hackers create a sense of urgency in the victim to see their video before anyone else.
Free money is rarely free. However, there are always new people to scam who are naïve. If you see a link to click to "get free money" or "claim a prize," don't click it - it's fake 99.999% of the time. How to Protect Yourself Against Advertisement Scams
If something seems fishy (or phishy) about an advertisement or sponsored post, there are a few ways you can check the legitimacy of what you're about to click on. Start by checking to see if the post is sponsored; if there's usually a disclaimer directly under the Facebook Page name, that's sharing the post. Facebook attempts to vet their sponsored ads, which works moderately well. While you can't entirely trust an advertisement because it's sponsored, it's a good sign.
After checking to see if a post is sponsored or not, you can click on the comments section. If comments are disabled, that's a bad sign. Other than that, check to see if anyone in the comments section raises their suspicion about the post's legitimacy. If the post seems sketchy, but users are raving about the company or product, click on a few profiles - they might be fake. If it appears that the Facebook page is creating users to post on their own "ads," that is a huge red flag.
While you want to be wary about clicking any link that takes you to a different website, you're generally safe as long as you stay on Facebook's actual website. If you're still having a hard time discerning the legitimacy of the "ad" in question, click on the company's Facebook page and check out reviews/comments on their page. If, at this point, you're questioning the company's legitimacy, you should most likely steer clear of them.
Those are a lot of steps to just tell if a company advertising on Facebook is legitimate or not. Still, they could save you a lot of heartaches. If that's all just too much, or if you're wanting to take it a step further, there is another way to check out a company's reputation! Google the company's name followed by the word scam. For example, if a company named "Financial" posted something questionable on Facebook, you could google "Financial scam." This won't always work, but often when people run across scams online, they post about them in various places on the web, and googling is a quick and easy way to cross-reference!
Scams Vs. Legitimate Advertisements
Most of the time, but not always, Facebook identifies and quickly removes scammy or illegitimate advertisements. The easiest way to quickly discern whether a post is an actual advertisement or a scam is by checking right under the Facebook page's name on the post. If a post has been vetted by Facebook and is genuinely a sponsored post, it will say "SPONSORED." It's important to always check to see if a post is sponsored or not, because occasionally you may run across scams that are "suggested for you." This is one way Facebook's algorithm attempts to connect us with posts it believes we will enjoy. However, it often shows us posts from pages that we don't follow, which is one way that scammers may try to get an audience.
Check Your Privacy Settings
Though advertising scams are emerging and becoming a prevalent problem, most scams online are peer to peer. This means that you should be excessively safe about who you're friends with and what you're sharing online. Luckily, Facebook makes it relatively simple to see what we're sharing with who. Begin by clicking the down arrow next to your notifications button; after this, click settings & privacy. Click the button that says "Privacy Checkup," here, you'll be able to quickly review your Facebook privacy settings and edit things like who can see what you share, how people can find you, your data settings, and your ad preferences. This isn't the end all be all of digital safety. However, it's a significant first step in securing your information on Facebook.
Don't Click Links in Comment Sections
Usually, it's straightforward to tell when someone's trying to scam in comment sections. Scams like these typically say something like, "Wow I can't believe it actually worked" or "I used this to lose thirty pounds last week." The bottom line here is that you should ideally totally avoid clicking on any link in the comments section of a sponsored post, suggested post, or anything that's been shared by a large page.
If you're clicking links in comments sections, make sure that you're ONLY clicking links to reputable and recognized websites, never click a link that directs you to an unfamiliar website, and avoid clicking links that are shared by people you don't know online.
Good Digital Practices
We've discussed how to avoid specific scams, how to secure what you're sharing with who, and some general advice of things not to do online. Let's take it a step further and lay out some acceptable digital practices. Following these guidelines will help you avoid most scams online; however, you'll still need to be wary and use good digital sense. As I've stated, online scams are ever-evolving as hackers, thieves, and phishers continue to refine their techniques. This means you can never be truly at ease.
Only Friend People You Know. Never send friend requests or accept friend requests with people you don't know in real life. This will ensure that you're friending "a real person." By doing so, you're limiting the quantity and improving the quality of people you interact with online, which will keep your data and shared information safer.
Limit What You Share Online. We've heard this since the internet gained popularity, but don't overshare on Facebook. If you're going on a vacation, wait until you're back to post all of your pictures (so people don't know you're out of town). Don't publicly give out your telephone number, email address, passwords, or other sensitive information.
Don't Share Answers to Security Questions. Security questions are a way of recovering/changing passwords. If someone has the answers to your security questions, they basically have access to your account. While it's bad practice, people often use the same security questions online, which means that if someone has access to your Facebook security questions, they may also have access to your bank security questions.
Don't Share Your Password. It seems like common sense, but it needs to be stated because people still (surprisingly) do this. NEVER share your password online, whether in a message, post, email, or anything else. Creating a digital trail of your password only creates a liability online that someone may be able to take advantage of days, months, or even years down the line.
Diversify Your Passwords. Don't use the same password, and don't use passwords that are easily guessed. By using different passwords, you're making it harder for hackers and scammers to pry into multiple accounts. Use especially strong passwords for things like bank accounts and email addresses.
Don't Click Links You Don't Recognize. One of the most common ways to hack, scam, or install malware on someone's computer is to get them to click a link, which downloads a virus. Don't click on links to websites you don't recognize whether they're delivered in a comments section, direct message, or email.
Keep Your Emotions in Check. Scammers often try to use our emotions against us by creating a sense of urgency to click something or share information before it's too late. Don't let anyone rush you into something online before you have time to "think it out" or research.
Run it by Your Financial Planner
Being safe online has a lot to do with knowing who you're in contact with. I work with my clients to create one-of-a-kind financial plans specifically designed and tailored to the individual. Please feel free to call or email and schedule an appointment with me. If you want to know who you're working with and make the most out of your financial plan, I'm here to get the job done! Be sure to contact and consult your financial planner or financial coach before making any online money moves!
Until next time...this is Melissa Making Cents!
Melissa Anne Cox, CERTIFIED FINANCIAL PLANNER™, is also a College Planning and Student Loan Advisor and Financial Coach in Dallas, Texas.