KUCHING: According to a research report by Webcertain Group, the number of social media users in the Asia-Pacific region is expected to hit one billion by year-end, almost five times the total in North America. Social media browsing has become a daily routine for almost everyone due to the use of smartphones and tablets in everyday life.
The latest 2014 Mobile Behaviour Report by Salesforce showed that 75 per cent of consumers access social media at least once per day through smartphones and 64 per cent of tablet users do the same using their tablets. As social media is now a common destination for mobile users, it has also become one of the favourite attack hotspots for cybercriminals. Trend Micro has uncovered nine social media scams, such as ‘The Facebook colour changer’, ‘Who viewed your Facebook profile’, and ‘Naked videos’, that cybercriminals leverage to spread malware to PCs and smartphones or to steal personal information by luring users into clicking on phishing sites.
“Social media scams are increasingly popular,” said Terrence Tang, senior director of Consumer Business, Asia Pacific, Trend Micro. “They lure users to install third-party apps through social media posts or trick users into clicking on phishing sites that cause malware infection. Users are advised to be ever vigilant when they surf online. Always check the source of posted links and apps. Change social media passwords regularly. As many users are now accessing social media through smartphones and tablets, they should install a mobile security app that offers additional privacy protection, like the Trend Micro Dr Safety free app, to protect their devices and personal information from prying eyes.”
Here are nine popular social media scams Trend Micro has identified:
1. The Facebook Colour Changer app: This app appeals to users by offering to personalise their Facebook colour. But it also leads users to phishing sites and tricks them into sharing the app with friends. It uses a tutorial video to trick users into clicking on an ad, hijacks users’ profiles and spams their friends. It even infects mobile devices with malware.
2. Who Viewed Your Facebook Profile app: This Facebook scam lures users with messages from friends or ads posted on their walls that invite them to check who viewed their Facebook profiles. Once a user clicks, their profile and social network are exposed to the scammer.
3. Facebook Videos with Enticing Titles: Cybercriminals often use enticing titles like ‘Not Safe for Work’ or ‘Outrageous’ to lure users into clicking on videos that redirect them to phishing sites and steal their personal information. This scam can also infect users’ devices with malware, such as rootkits that are hard to clean.
4. Facebook Fake Naked Videos: Facebook scams of naked videos usually come in the form of ads or posts with links that take users to sites that host bogus YouTube videos. Such fake sites then prompt users to install an update to fix their ‘broken’ Adobe Flash Player. Once clicked, the fake Flash Player installer will infect the device by installing its malware (usually a Trojan) as a browser plugin. Not only does it steal Facebook photos from users, it also invites their friends to watch the same video, and the ruse continues.
5. Instagram InstLike app: Thousands of users worldwide have installed the InstLike app in the hope of boosting their Instagram likes and followers. Unfortunately, the app takes advantage of the passwords and other information it collects from users to boost its own growth, spreading the infection even further. Despite being reported, InstLike continues to be in business and unwitting users are still being duped by it.
6. Twitter Instant Followers apps: Apps that promise instant Twitter followers usually cause users to fall victim to scammers, who leverage user accounts for further spamming and attacks.
7. Twitter Bait Scam: Some scams send messages like “Just saw this photo of you” to trick users into clicking the malicious links in the messages. The scam can hijack users’ Twitter accounts and send their friends further spam messages, luring them to phishing sites that steal personal information.
8. Tumblr Dating Game: The Tumblr Dating Game has lured many users into clicking the links in its messages and creating dating accounts, which only lead them to ads or adult pages that generate revenue for the scammer.
9. Pinterest Bogus Pins: Scammers post bogus pins that advertise free giveaways to lure users to false surveys or phishing sites. The scam also spams the victims’ followers to further expand the attack.