How your Facebook profile is leaving you exposed to online scams

Fraudsters use many subversive methods to collect information and impersonate targets, but many social media users have unknowingly handed scammers all the data they need to defraud them.

Victims often consider themselves unlucky if they have been taken in by a canny criminal who persuades them that they are calling from their bank or the police. But many victims have made scammers’ lives easier by broadcasting personal data freely on the web, on social media websites such as Facebook, Instagram and Twitter.

Birthday messages, celebrating a new home or even revealing where you work on social media can lead to cyber criminals knowing enough about you to steal from you, especially if they have obtained information from elsewhere, according to Mantas Sasnauskas, of CyberNews, a cybersecurity research company.

Mr Sasnauskas recommended that users should be wary about what they post online and should think carefully about their “digital hygiene”.

“Pretend you are at a bar with strangers when you post online,” he said. “Share information on social media as you would share that information with a total stranger, especially if your social media accounts are public.”

As well as keeping personal data off social media accounts, it is also crucial to remember not to click suspicious links or download strange files, even if a friend has sent them, said Mr Sasnauskas, because their account may have been compromised.

He pointed to a campaign by hackers that tricked hundreds of thousands of users into clicking a link in a message which showed their picture superimposed on a fake YouTube video. The message asked “is that you?” in an attempt to pique the recipient’s curiosity and linked to a webpage infected with malicious code intended to steal the user’s credentials.

The information could then be used to impersonate a person to their bank and persuade them to move money, invest in fake investment schemes or trick them in romance scams by knowing their relationship status. Janine Wright*, 30, from London, lost about £200 when her accounts were breached. She could not tell the source of the leak, but the attackers were able to glean enough information about her to impersonate her and buy goods online. The ordeal left her “confused, scared and anxious,” she said. She warned readers to be careful with their personal information.

In 2020, Britons were tricked into sending £479m to criminals pretending to be banks, investment firms, police or people in other trusted positions by knowing enough about their targets. Less than half was refunded.

Data can even be used for old-fashioned crimes such as burglary if your account is publicly available, and thieves can see when you are away from home.

While the source of a hack is often obvious after the fact, especially when a clickable link has taken a user to an unexpected page, it is not always possible to detect if criminals have gleaned the data they need from social media.

If the worst happened and you suspected someone had accessed your account, change the password immediately. If it is too late for this, secure any accounts which share a password first, especially your email. If you lose control of the email address linked to your account, it will be much harder to recover it. Then attempt to recover your account by searching for Facebook’s tool for this. A friend on Facebook can help prove you are the correct account owner.

Make sure to warn your friends to be wary of any messages they receive and not to click any links or assist the hackers in any way or send them information or money.

*Name has been changed

Have you been the victim of a scam? Share your experience in the comments section below