Social media is an excellent place for identity theft, as all the information criminals need to pursue you is freely available online; whether it’s your date of birth or your mother’s maiden name on your Facebook account. You may be thinking, “Criminals can’t see that information… I’ve blocked it in my privacy settings.” Well, read on to see the tricks fraudsters use to gain control of your device and access to your information.
Given that social data is now “where the money is,” criminals have created specialized tools, in the form of targeted viruses and Trojans, to take over your device and other social media accounts without your permission.
You have heard of social media users who have been exposed to at least one form of malware and had their e-mail or social networking account compromised or taken over by a third party without their permission. Bad guys trick users into clicking on links in posts and messages that purport to come from friends or colleagues using a technique known as social engineering.
Criminals take advantage of the trust we extend to those in our social network by masquerading electronically as these trusted parties, invariably tricking users into clicking on a link that will ultimately infect a computer with a virus, Trojan, or worm.
Organized crime groups are swift to react to breaking news, which they use to dupe innocent users to click on as a means of infecting them. Whether it is Kim Jong-un purportedly dead, the COVID-19 food saga, or a celebrity in the nude, the headlines are too enticing to ignore, and thus people click on them.
When Malaysia Airlines Flight MH370 went missing over the Indian Ocean, scammers were ready to go with fake photographs of the plane and purported videos showing “MH370 found at sea, shocking video just released by CNN.” The messages spread like wildfire over social media to a curious public eager for answers, not realizing they had just infected their machines with viruses. Sometimes curiosity does kill the cat.
One of the best-known pieces of social media malware was known as Koobface (a variation of “Facebook”), which targeted Facebook users around the world. The malicious social media worm spread by tricking users into clicking on a Facebook link with an impossibly compelling headline such as “OMG—I just saw this naked video of you!” Who wouldn’t click on such a message? Unfortunately, one curious click could lead to a flurry of malware.
Once infected, the Koobface worm steals any available log-in credentials it can find on your machine, including those for your Facebook, Skype, Yahoo! Messenger, and Gmail accounts. Koobface could also force your computer to take part in denial-of-service attacks against third parties and hijack your Web search returns and clicks to take you to untrusted Web sites.
The Commission is aware that unscrupulous content creators are taking advantage of the digital information age to publish and distribute “disinformation” and so-called “fake news” – new forms of propaganda intentionally designed to mislead the reader and potentially cause harm. Through its UgCERT (Computer Emergency Response Team), the Commission provides support in fighting against the spread of “fake news”.
Therefore, the public is advised to be vigilant and to exercise due diligence by verifying the authenticity of any news stories, reports or links from unofficial sources before believing and acting on them. A request to check a piece of information can be sent to 0791 847 828 (Whatsapp); E-mail: firstname.lastname@example.org; Blog: https://ug-cert.ug/fake-news/ for verification and fact-checking.