Everything we do on the Internet – making travel plans, keeping in touch with our relatives or seeing what our friends are up to on Facebook – leaves a trail of information about our location, finances and relationships. With cybercrime on the rise and nearly one million new security threats released every single day (viruses, hacks or identify threats), all of our information is at risk of being exposed. 

Just as we take steps to protect ourselves offline by installing home security systems or always locking our doors, it’s now more important than ever for us to cover our digital tracks and understand where we might be vulnerable.

However the public undervalued their data in 2014, freely giving away e-mail addresses and login credentials without checking that they were on a legitimate website. If you’re active on social media, chances are you’ve seen one of the following offers appear in your news feeds and timelines:
·    Free smartphones, airline tickets, or gift cards
·    Unbelievable news about celebrities (sex tapes, death)
·    Significant world news (specifically, natural disasters)

While scammers certainly evolved their tactics and ventured onto new platforms in 2014, a lot of their success continues to come from our willingness to fall for predictable and easily avoided scams. Symantec’s Internet Security Threat Report (ISTR) Volume 20 revealed that the big shift in social media scams in 2014 was the uptake in manual sharing scams. This is where people voluntarily and unwittingly share enticing videos, stories, pictures, and offers that actually include links to malicious or affiliate sites.

In 2014, Malaysia ranked 5th in the Asia Pacific and Japan region for the number of social media scams. 84% of such scams were shared manually, 14% higher than the global average as attackers took advantage of people’s willingness to trust content shared by their friends.

One such scam in 2014 took advantage of the death of Robin Williams, with a social media post purporting to share his goodbye video. Unwitting users were asked to share the video with their friends before they could view it, and were instructed to fill out surveys, download software, or were redirected to a fake news website. There was no video.

With manual sharing the cyber criminal can sit back and watch users do the work for them – there’s no need for them to perform any hacks. Other social media scams require a bit more work on the part of the criminal. Dating app scams, for example, require users to click through links and sign up for external websites, at which point scammers would then make commission as part of an affiliate program.

Affiliate programs either pay cyber criminals for every victim that clicks through, or only pay out if the victim signs up and shares credit card information. These pay outs range from US$6 (RM21.70) to US$60 (RM210), and has become a profitable monetisation strategy for online criminals. As revealed by ISTR Vol.20, this is more profitable than selling stolen information on the black market, with credit card details valued at US$0.50 (RM1.80) to $20 (R72.30), and stolen e-mail addresses valued at US$0.50 (RM1.80) to US$10 (RM36.15) for 1,000 addresses.

CyberSecurity Malaysia, the national cyber security specialist agency alerted the public last year to the rising trend in cyber blackmail scams. Victims are targeted via social networking sites, where the perpetrator usually creates a profile on a social networking site portraying him or herself as an attractive Asian woman, befriend and flirt with potential victims, and subsequently invite them for intimate video chats. According to CyberSecurity Malaysia, it has become a global issue and victims are asked to pay a ransom ranging from RM500 to RM5,000.

While social media scams are able to provide cyber criminals with quick cash, some rely on more lucrative and aggressive attack methods like ransomware, which according to ISTR 20, rose 113% last year. Instead of pretending to be law enforcement seeking a fine for stolen content, the more vicious crypto-ransomware attack style holds a victim’s files, photos and other digital content hostage without masking the attacker’s intention. Malaysia recorded an estimated 4,530 ransomware attacks last year, 9th highest in the region.

With all these risks, what can we do to better safeguard ourselves against these attacks? Some best practices include:

1.    Protect yourself. Use a comprehensive Internet security solution that includes capabilities for maximum protection against malicious code and other threats
2.    Update regularly. Keep your system, program, and virus definitions up-to-date
3.    Be wary of scareware tactics. Versions of software that claim to be free, cracked or pirated can expose you to malware or social engineering attacks, which attempt to trick you into thinking your computer is infected and getting you to pay money to have it removed
4.    Use an effective password policy. Use complex passwords (upper/lowercase and punctuation) or passphrases. Consider using password management tools such as Norton Identity Safe
5.    Think before you click. Even when receiving email attachments from trusted users, be suspicious
6.    Guard your personal data. Limit the amount of personal information you make publicly available on the Internet (in particular via social networks). Consumers can protect themselves from like-jacking scams, phony offers or profile takeovers for free with technologies such as Norton Safe Web. It can scan news feeds for unsafe links and warns you of potential threats so you don’t share them with friends and family

Always remember – if it looks too good to be true, it probably is. Follow the above tips and don’t be fooled by social media scams.

Nigel Tan is country director of Symantec Malaysia & Thailand.