Facebook is one of the most popular websites in the world, as well as being the most popular social media platform. Some 1.19 billion people use the platform today. Unfortunately, wherever that many people get together, scammers will undoubtedly be found as well. A simple quick click on something can leave your identity stolen and your bank account empty.

Some shocking statistics: 53% of all scams today specifically target social media users.

The BitDefender Test

BitDefender recently befriended 1,900 people at random for an experiment. They sent each of their new ‘friends’ three links, each of which led to malware. The results were fascinating: 97% of those who received them simply clicked on the links without checking them first.

With those types of statistics, it is no surprise that Facebook is a very interesting medium for scammers. BitDefender also studied over 850,000 Facebook scams over a two-year period.

From this study, it was determined what the five most popular, and easiest to fall for, Facebook scams are.

1. Atrocity Videos – 0.93%

Cybercriminals often spread videos that depict atrocities to attract viewers. The percentage is small, but still high enough to make it into the top 5. Additionally, the percentage is growing. Through these videos, criminals attract users to sites where they have to complete offers and surveys before they can watch the video, and they receive a commission for every offer that is completed. It is also a common way to spread malware.

How to Avoid

Avoid this scam by not allowing your curiosity to overpower you. Do not blindly click on a link and always check the source. Get news stories from reputable sources, rather than being tempted by atrocity videos.

2. Celebrity Death Hoaxes and Scandals – 7.5%

Many people want to know all there is to know about their favorite celebrities, so it is all too easy to be attracted by some sort of shocking news story. When you click on it, you will usually be asked to download something to update your video player, when it is in fact a piece of malware. If you are lucky, it is simply a PUP (Potentially Unwanted Program), which means you will receive some adware on your machine. But it can be much more serious.

How to Avoid

To avoid, use your common sense. If you want to know what is happening with celebrities, use a reputable source. Always think things through: something that is incredibly shocking would be reported in many different sources. Always avoid adult content when it is on social media.

3. Freebies, Giveaways and Gift Cards – 16.5%

Everybody loves getting things for free, so it is no surprise that this scam is very popular. Popular examples include free gift cards, free trips, free iPads, and so on. Remember that nothing in life is free. Usually, if you click on it, you will be asked to refer a certain number of friends first, which means you will immediately be spamming all your friends with nonsense offers. Additionally, there is a chance that you will fall victim to malware. Sometimes, they lead you to surveys, which means criminals earn a commission. But they can also use it to steal your personal identity and commit fraud.

How to Avoid

Avoid by remembering that nothing is free in this world and that almost all offers of that type are bogus, unless they come from a verified source. Contact the company to check whether the offer is genuine or not. A real offer should be on their website as well. Never enter your personal information on any of these offer sites either.

4. Functionality Enhancements to Facebook – 29.5%

The most popular one of these is probably the Facebook Dislike Button. Basically, you are told that by installing something, the functionality of Facebook will be improved. For instance, you may be offered the opportunity to change your Facebook from blue to green, or to download emoticon buttons. Sometimes, these scams are so advanced that you will actually see the improved functionality. However, in the meantime, you will also have shared all your information and that of your Facebook friends with the scammers.

How to Avoid

To avoid this, you need to be proactive and increase user awareness. Facebook will not allow external parties to change its functionality and if it did make a major change, you would know about it. Do not click on websites that say they can change anything that is part of Facebook’s corporate design, as it is likely to be a way to get to your details.

5. Who Viewed my Profile? – 45.5%

This is by far the most common and popular scam on Facebook. Designers of this scam know that users are curious by nature and they want to know how many people are looking at them. This message has been designed in such a way that it seems to be really personal, and this is attractive. People often want to know, for instance, whether someone from their past is still looking for them.

Those who use this scam will install a malicious Facebook app that makes it look as if the functionality actually works. People first have to accept the terms and conditions, after which they will be shown some random information that looks genuine. Once they have done that, however, they will start to notice that their pictures are being accessed or that posts are being made in their name. By clicking on the link, they have actually handed over control of their account and put both themselves and all their friends at risk.

How to Avoid

To avoid this, you simply have to understand that there is no legitimate app that makes it possible for you to view this type of information. It goes against all of Facebook’s principles, for starters. If you see it, simply do not click on it, no matter how curious you may be. This is true for any Facebook applications as well: always check whether they have been checked by the Facebook developers and that they are classed as safe.

Human Nature Makes Us Vulnerable to Scams

According to the BitDefender report, it is our very nature that makes us so vulnerable to these types of scams. The reality is that humans behave irrationally and that we are often driven by our impulses and emotions. This is true across all levels of education. Some specific conclusions were also drawn from the report:

  • The way human beings react, think and act is what makes them vulnerable to threats and scams, and there is very little that we can do about this, because it is in our nature.
  • Anyone can be targeted by a scammer at any point during his or her life. This is true for everyone, from the most tech savvy to the uneducated. Nobody is completely immune to scams, and most of us will fall for a scam at least once in our lives. This is because cyber criminals understand psychology and use certain triggers that they know will attract people.
  • Every human being is sometimes irrational, both offline and online. At some point in your life, you will do something that, with hindsight, will appear crazy and silly. Sometimes, we simply don’t think about the consequences.
  • People who do fall victim to scams often lack certain pieces of information. They often don’t know how certain things work until they have fallen for it.

Clearly, as humans, we are our own worst enemy. We have a tendency to act before we think and to react before we think as well. This may be irrational, but it is also simply the way it is. Cyber criminals, meanwhile, can use this little bit of humanity against us in order to steal our personal information and distribute malicious programs so that they are able to make money. Essentially, they bank on the idea that people don’t know the various online dangers and that their psychological triggers are so good that even those who do know can still fall victim to them. This is why awareness and education are so important.

How to Stay Safe on Facebook

  • Stay up to date with new malware outbreaks, Facebook scams, security blogs and more. Subscribe to newsletters from trusted sources, so that you are always the first to know about any new scams. Scammers update their tactics almost as often as writers of virus programs, trying to make sure that people continue to fall for their cleverly disguised ruses.
  • Have antivirus software installed on your PC. Make sure it is a reputable program that updates automatically, so that you can make sure any malware infections are spotted straight away. Good antivirus programs will even stop you from accessing the websites the Facebook scams try to direct you to. That way, if you do ever click before thinking, there won’t be any damage done. Not having an antivirus program simply isn’t an option anymore today.
  • Keep your operating system up to date, as operating systems also include security updates, better firewalls and more. If you are on Windows 8 or Windows 10 and you are fully up to date, the security that comes with that is almost as good as the best antivirus program. Vulnerable operating systems are very much open for attack, so you have to make sure that you don’t fall victim to any of those common tricks.
  • Use common sense. Quick click methods are very hard to resist, because they play on our natural human curiosity. However, try to make a habit of always thinking twice before you click on something. An offer that sounds too good to be true probably is, and a news story that is really explosive will be reported in many different places. Take a moment before you click on anything to double check the source. Simply Googling the offer or the story should be enough to tell you whether it is true or not.
  • Only share the personal information that you truly have to share. Even when you sign up for Facebook, you need to keep the information you do share to a bare minimum. The top five items that you must at all times keep private, commonly referred to as the ‘TMI (Too Much Information) items’, are your bank/credit card information, your passwords, your home telephone number and address, your date of birth and your social security number.
  • Set your Facebook privacy in such a way that you can keep your information hidden. The default settings are not overly secure, and you are under no obligation to keep them in place. Make sure you know how to adjust the settings and what each of those mean, so that you can limit what people are able to see about you if they find you on Facebook.
  • Stay off social media in full. While nobody wants to do that anymore, it may be necessary, particularly if you have reason to believe that your machine has been compromised. Once you know your machine is secure again, you can start using social media again as well.
  • Opt for a secure web browser and add any security add-ons they offer in order to keep your browser safe and secure. Google Chrome and Firefox are particularly good and secure browsers that have excellent security add-ons.
  • Make sure to use strong passwords. This is something that is absolutely critical, yet there are still too many people who don’t do it. They worry that they won’t be able to remember their passwords or they believe that they won’t be the victim of an attack. The reality, however, is that if your passwords are easy to guess (things like your name, date of birth, address), someone will guess it. And if you use the same password across different sites, you are really leaving yourself open for trouble.

Additional Resources