September 04, 2023

How scammers attack your social media

Whether you use social media for business or pleasure, you need to be awake to the ways scammers can use these platforms to try to rip you off.

Cloning your social media account to impersonate you, posting ads to entice you to make purchases on fake websites that take your money and never deliver the goods, promoting investment and cryptocurrency scams and running fake competitions to gather personal information they can use for identity theft are just some of the methods criminals use to take advantage of social media users.

When Natalie’s* 22-year-old daughter sent her a Messenger text saying she needed $10,000 urgently but she couldn’t talk about why, Natalie was concerned about what sort of crisis Sophie* was facing. She tried to get hold of her daughter by phone but couldn’t connect, which wasn’t unusual as Sophie lives in a different city, has a demanding job, is often busy with friends and activities and prefers to message than chat. When Natalie received more messages from Sophie, who never asks her parents for money, she assumed it must be an emergency.  She began to make arrangements to transfer the funds, trusting her daughter would only be asking for the money if she really needed it. The language in the texts was so similar to Sophie’s usual messages, Natalie never considered the texts were not coming from her daughter. Then, the tone of the final message from her daughter’s Messenger account raised doubts in Natalie's mind about the authenticity of the texts, and she made another effort to contact Sophie. When she finally reached her daughter, Sophie had no idea what Natalie was talking about. Her Messenger account had been cloned or hacked and there was fraudulent activity on her bank account. Fortunately, Natalie hadn’t transferred the money and the family could work with the bank to secure Sophie’s account. But Natalie was shocked at how easy it was for a scammer to breach her family’s privacy and prey on her genuine concern for her daughter.

*Names have been changed

Many businesses, especially boutique sellers and producers, use social media as an affordable way to promote their goods and services. But this can put them at risk of being scammed.

Numerous reports have emerged of scammers hacking Facebook ad accounts and commandeering business accounts to run their own ads, resulting in bills totaling tens of thousands each week.

Another common scam involves using product photos from a legitimate business in an ad that directs the audience to a website selling counterfeit products, which damages the brand reputation of the company.

Jillian* is a boutique producer who sells her products through online retail. Last year she lost half of her online followers after her Facebook was hacked, and even 12 months later, she is unable to take full control of her digital presence on social media so she can begin advertising again. The hackers got into Jillian’s personal Facebook account through an email address that it seems was part of a data security breach. Jillian was no longer using the email address but it was still linked to her Facebook. With access to the old email address, the hackers were able to get around the two-factor authentication Jillian had set up and get access to her Facebook Business Manager. This also gave the hackers the ability to have full control of the Facebook and Instagram pages Jillian had set up to promote her business. After a few months of trying to get Facebook owner Meta to rescind the hackers access, Jillian decided it wasn’t worth the risk of having her business pages linked to the compromised account, so she cut her losses and setup new pages for her business. Although she was able to prompt many of her supporters to follow the new pages, she lost more than half, which has negatively impacted her sales. She is now battling with Meta to uncouple her business website from the compromised Facebook Business Manager account. Until that is done, she can’t run Facebook ad campaigns to drive people to her business website. It’s been a gut-wrenching experience for Jillian at a time when small businesses in New Zealand are already struggling financially.

*Name has been changed

How to avoid being scammed on social

Here are some tips from Facebook to stay safe on social media.

  • Don't click suspicious links: If you get a suspicious email, text or social media message claiming to be from Facebook, don't click any links or attachments. First, check in your Facebook settings to see whether it came from Facebook.
  • Report any messages that ask for your password or information such as your IRD number or credit card numbers.
  • Enable two-factor authentication to add an extra security layer to your accounts across the Internet. Two-factor authentication is one of the most effective tools for combating account compromise attempts here.
  • Ensure your social media passwords are unique – don’t use the same password across several platforms or reuse passwords you use for other online services
  • Turn on login alerts so that you'll be notified if someone is trying to access your account. Make sure that you review your previous sessions to ensure that you recognise which devices have access to your account.
  • Always log out of your account if you are using someone else's device or a device in the public domain
  • If you use social media for business, limit the number of people who have access to your ad account and set up two-factor authentication for that account. This requires users to provide both a unique code and a password to log into the account, and sends out an alert each time someone tries to log in from an unrecognised device
  • Businesses should keep the phone number and email address linked to their device updated. This can allow customers to recover their account more quickly and also prevents hackers gaining access to the account via an old email address