
Protect Yourself From Facebook Scams

Cybercrooks use the popular 'like' button against you

Each day, Facebook users click the “Like” button about 3.2 billion times. And cybercrooks love that. Increasingly, they’re using the upward thumb as bait in some of the most common scams on the huge social network.

These include postings by false friends who seek money by claiming they’re stranded overseas, bogus account verification notices and cancellation warnings supposedly coming from Facebook (just like phony notices from your bank).

“There are two goals in most social media scams: to spread quickly and to make money,” says Gerry Egan of Norton online security products, who recently conducted a study of Facebook scams. With those billions of clicks per day, Like buttons help achieve that prompt and widespread propagation, particularly as Facebook users get wise to traditional social media scams.

In reviewing the current top Facebook scams, Norton experts detected 8.5 million attacks against customers using its software in the year that ended May 1. The two most common ploys both exploit the Like button. Here’s how:

Clickjacking. It’s like hijacking, only it’s a click of the Like button that the bad guys seize control of.

In one common version, you’re offered a chance to watch an enticing video. Click on the “Play” button and you’re really clicking on an invisible “Like” button that’s hidden behind it. You may now be taken to a page that announces you have to disclose personal information before you can watch the video. Provide it and still there’s no video — you’re taken instead to other pages to complete online surveys or be pitched dubious products.

[Photo: Facebook Like button on an iPhone 4. Photo by Ted Soqui/Corbis]

Meanwhile, your Like is registered on your Facebook page, so your friends think you’ve watched the video and thought it was good. When they click “play” to try to check it out, the same sequence of events happens to them.

The scammer, meanwhile, is collecting a commission from shady merchants for every “Like” referral that’s generated.

So the two-part goal is achieved: Spread quickly and make money.

Meanwhile, the offer of cool videos is also a common method of spreading “malware,” programs that do nasty things once they enter your computer. You’ll know you’ve been targeted this way if a pop-up appears saying you need to install special software to watch a video, says Egan. Don’t do it.
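The overlay trick described above, as an added example that is not from the original article or from Norton: a JavaScript check that flags an invisible embedded frame sharing screen space with a visible button. The element data, the `social.example` and `video.example` URLs, the function names and both thresholds are assumptions made for illustration.

```javascript
// Added example: flags near-invisible frames layered with a visible control.
// All element data below is constructed. In a browser the same fields would
// come from getBoundingClientRect() and getComputedStyle().

const OPACITY_THRESHOLD = 0.1; // assumption: below this a frame is effectively invisible
const MIN_OVERLAP = 0.5;       // assumption: frame must cover at least half of the control

// Area of intersection between two rectangles {x, y, w, h}.
function overlapArea(a, b) {
  const w = Math.min(a.x + a.w, b.x + b.w) - Math.max(a.x, b.x);
  const h = Math.min(a.y + a.h, b.y + b.h) - Math.max(a.y, b.y);
  return w > 0 && h > 0 ? w * h : 0;
}

// Returns one finding per (hidden frame, visible control) pair that share screen space.
function findClickjackOverlays(elements) {
  const frames = elements.filter(
    (e) => e.tag === "iframe" && e.opacity < OPACITY_THRESHOLD && e.pointerEvents !== "none"
  );
  const controls = elements.filter(
    (e) => e.tag !== "iframe" && e.clickable && e.opacity >= OPACITY_THRESHOLD
  );
  const findings = [];
  for (const frame of frames) {
    for (const control of controls) {
      const area = control.rect.w * control.rect.h;
      if (area === 0) continue; // a zero-sized control cannot be clicked
      const covered = overlapArea(frame.rect, control.rect) / area;
      if (covered >= MIN_OVERLAP) {
        findings.push({ frameSrc: frame.src, control: control.label, covered });
      }
    }
  }
  return findings;
}

// Constructed sample page: a visible "Play" button sharing its area with a
// transparent frame, plus a normally visible frame that must not be flagged.
const samplePage = [
  { tag: "button", label: "Play", clickable: true, opacity: 1, rect: { x: 100, y: 100, w: 80, h: 40 } },
  { tag: "iframe", src: "https://social.example/like-widget", opacity: 0, pointerEvents: "auto",
    rect: { x: 90, y: 95, w: 100, h: 50 } },
  { tag: "iframe", src: "https://video.example/player", opacity: 1, pointerEvents: "auto",
    rect: { x: 0, y: 300, w: 400, h: 225 } },
];

console.log(findClickjackOverlays(samplePage));
```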

"Like"-baiting. Unlike clickjacking, this ruse gets you to knowingly click a "Like" button. The goal is the same: squeezing personal information out of you to create commissions for scammers. But rather than a phony video, the incentive is usually free tickets or an entry into a drawing, says Egan. “Instead of stealing your click, they get you to provide it voluntarily by promising free gifts.” And of course the gifts don’t materialize.

To protect yourself against these and other Facebook scams: 

  • Be cautious about hitting that Like button, as well as placing too much personal information on your Facebook page. If you post pictures about a recent ski trip, for instance, you may be contacted by cybercrooks offering free lift tickets as part of a “Like”-baiting ploy.
  • Don’t trust Likes by others. “Especially when you get a notification from a friend that seems out-of-character, call that person before you click,” suggests Egan.
  • Use Facebook-specific settings on your security software. You may not know it, but many products offer protection customized to viruses and malware found on the social network site.

Sid Kirchheimer is the author of Scam-Proof Your Life, published by AARP Books/Sterling.