Fraudsters - making Social Media an antisocial place

There’s been another round of phishing emails talking about the progress of your MyO2 account, so we’d like to remind you to be careful whilst reading your emails.

These days, it’s difficult to find someone who doesn’t have some kind of presence in the world of Social Media – be it on Facebook, Twitter, LinkedIn, or one of any number of other sites.

It stands to reason, then, that the popularity of Social Media will inevitably lead to an increase in something far less sociable – Social Networking and ID Fraud (using public records).

Used by fraudsters to either gather personal information (phishing), extort money, or expose unsuspecting social users to malicious software like viruses or botnets, Social Media Scams are on the increase. With this in mind, we wanted to give you the lowdown on what it involves, and how you can prevent it.

So, how is it done…?

The fraudsters make fake profiles and will try to create links with people (adding as a friend on Facebook, etc), in order to then entice them to disclose personal or financial information. You’re probably thinking, ‘but I wouldn’t tell that to anyone?’ – but think about it… your ‘friends’ on Facebook can see information that non-friends can’t. Think about some of the more common security questions used – What’s your date of birth? Where were you born? What was the first school you attended? What’s your mother’s maiden name? What’s the name of your pet? – The answers to all of these questions could potentially be seen by ‘friends’ via your profile information, or even in your status updates. Fraudsters will use information from a number of sites to create a profile which could enable them to impersonate you or steal your identity.

Links on profiles should also be viewed with caution – fraudsters will set up phishing websites, disguised as something interesting, appealing or even controversial, to entice those who see it to click. Sometimes, they’re able to capture your social login details and post their links to your friends without you realising.

When you’re using social networks on your phone, you’re often less vigilant against this type of activity, as you’re out and about and potentially more easily distracted by the things in the world around you.

How can I prevent it…?

  • If you use your phone to access social sites, email accounts and sensitive content such as bank accounts, be extra careful about the authenticity of the sites you’re visiting, as it can be harder to spot bogus sites on a phone.
  • If something leaves you with even a hint of suspicion, trust your instincts – as with all frauds, if something looks too good to be true, then it probably is.
  • Check your profile to see what personal information is visible, and to whom. Any personal information that you’re comfortable sharing should only be shared with friends. If you choose to share your birthday on social sites, consider sharing only the date, without your year of birth.
  • Consider your friend requests carefully before accepting them, and use any additional features on the site you’re using, such as the ‘acquaintances’ feature on Facebook, to customise who can see what.
  • Don’t click unknown links – always go to a company’s official homepage and log in to their secure site.
  • Keep your anti-virus software up to date.

Some more traditional forms of fraud have evolved to be used in social media, such as phishing scams which use spoof login pages to gather your login details and passwords.

At O2, we’re constantly on the lookout for fraudsters who set up a page which looks just like the login page at o2.co.uk. Then they’ll send an email (or post on social networks) with a link – the text of the link will read ‘o2.co.uk’ but, in fact, the link leads to a different site entirely. Normally, hovering over a link will bring up the actual destination in the bottom left corner of your browser window.

To ensure your safety online, try to get into the habit of manually entering the address of the site you’re visiting into your browser’s address bar. If you’re unable to do this, always check that the address is correct. When you arrive at the O2 website, the address should always begin with ‘http://o2.co.uk’. You may sometimes notice that the first part automatically changes to ‘https://’ – this is normal and indicates that you’re visiting a secure part of the website, such as the login page.

If you’ve received an email which you suspect to be a phishing attempt, forward it to phishing@o2.com.

For more information about phishing from our support pages, click HERE.

For more information and advice on how to safeguard against fraud, visit the Fraud Advisory Panel.