Learn more about social media scams
Social media scams are a variety of posts you will see in your news feeds- all with the goal of getting you to click on a link that could potentially be hosting malware.
Some of the scams include:
-
Likejacking
Likejacking is a type of trick used by cybercriminals that takes advantage of a social sharing and approval feature found in Facebook to vastly increase the reach of their scams. Users are typically presented with offers such as the chance to win a prize. If a user clicks on the link for the prize, they unknowingly 'Like' an item on their social network profile.
-
Copy-paste scam
Copy-paste scams take advantage of a user's social network account to spread. Cybercriminals use lures to trick users into running a script that will spread unwanted spam messages to other user's accounts by making automated postings. These automated postings will in turn attempt to propagate the scam using the same tricks.
In order to run, copy-paste scams require a user to manually copy and paste the script, so its ability to spread is somewhat limited.
-
Event scam
Event scams involve a cybercriminal creating a Facebook event page in order to redirect users to a malicious website, gather users' personal information, or gain access to their Facebook profiles. The cybercriminal typically invites a large pool of users to the event page to increase the number of potential victims.
-
Fake plugin
Fake plugin scams attempt to trick social media users into installing a malicious web browser plugin. Cybercriminals may do this by spreading videos with shocking headlines on social media. When users click on this video, they will be prompted to install the malicious browser plugin in order to view the offered content.
-
Fake offer
A fake offer scam spreads through social media posts, claiming to give users the chance to win prizes. However, the cybercriminals will not follow through on this promise, instead leading the user to a survey or malicious website, convincing them to spread the offer further, or submit their personal information.
-
Comment jacking
Commentjacking is a trick used by online cybercriminals that misleads users into sharing a post by tricking them into submitting a comment about it. Cybercriminals use enticing headlines to get users to click on links to videos. Once users click on the link, they are presented with a fake captcha test. When the user completes the fake captcha they are unknowingly commenting on a Facebook post. The post the user commented on will then be shared on their friends' home pages, helping the scam to spread further.
-
Permission request
Permission request scams work through the installation of malicious applications on social networks to gain access to a user's social media account. Cybercriminals entice users to install malicious applications that request a variety of permissions to allow the attackers to act and post as if they were the user.
-
Manual sharing
Manual sharing is when cybercriminals mislead users into manually clicking on the share button in order to view content. Cybercriminals use enticing posts about shocking, funny, sexually explicit, or embarrassing events and claim to link to a related video. When users attempt to view the video, they will either be asked to share the post or will be tricked into clicking a share button in a different language. Once the post has been shared, the user may be asked to fill in a survey, sign up to a subscription service, or download a malicious browser extension or application.
-
Fake app redirect
Fake app redirect scams work by taking a user from a social networking website to an outside website. Once on the outside website, the user may be redirected back to an app on the social networking site they were originally on. The app they are redirected back to may ask for permissions that would allow the cybercriminal to act as the user.
-
Facebook bots
A Facebook bot is a software program that creates fake user profiles in order to send chat messages and share posts containing malicious links. The bot spreads by sending out friend requests to Facebook users.
-
Twitter scam
Twitter scams are based around cybercriminals using tweets to spread their scams or spam content. These attacks may redirect users to malicious websites that may attempt to compromise user's accounts, steal personal information, entice users into sending money to the attackers, or install malware.
To learn more about online scams, read How to avoid Online Scams.
Help us improve this solution.
Thank you for helping to improve this experience.
What would you like to do now?
Browse for solutions, search the Norton Community, or Contact Us.
Operating System: Windows
Last modified: 08/19/2024