One born every minute

You are security conscious and know all the Internet do and don’ts, but sometime it is going to happen. You’re going to fall for click bait, open an infected email attachment, or fall for a social media hoax. You’re not dumb. You’re not gullible. You’re not alone. People of all ages, backgrounds, and intelligence will fall for social media hoaxes. Including this writer.

As with any scam, whether it is a criminal affair or a joke, the perpetrators play on our human nature and how we react to stimuli. Must notably anything that threatens our family or personally well being. Fear. As with any con, the perpetrator uses broad, widely known information, with some truth sprinkled in for good measure. Sometimes, as the case with privacy issues, will use functions of the app to make it believable. Instructing the victim to perform a function within the app that produces a result. When the result happens, it further validates the hoax.

The ones that get you are intelligently written in a generic style or tone that could be from any close friend or relative that you would normally trust. They either forward the item to you, or worse, endorse it with a message that reads something like, “Tried it. It works!” or “This is true”. Most people don’t do research. If so and so posted it must be true, and we quickly click ‘share’. After fourteen years, Facebook is still having trust issues with its users. Anything that hints at a privacy scandal runs wild and users react.

Hoaxes, just like malware, circulate, mutate, and resurface, sometimes years after being launched. The one that got me was the ‘Following me’ security check on Facebook. [Spoiler alert-It’s a hoax] You receive a message from someone you trust that reads like the photo heading of this blog post. And trust me, it will read like the above photo because the original language just keeps getting forwarded. Following the steps outlined in the post you’ll find these unknown people “following” you on Facebook. You quickly go to the next step and start deleting all of these unwanted followers. How dare they intrude onto my highly secure and private Facebook page! The nerve.

After testing the theory and seeing that it does indeed reveal hidden followers, you forward the message on with your own endorsement. Because it does work, it must be true. You have to alert all of your friends. I didn’t go that far. But it did give me an idea for a blog post. A couple minutes of research had me SMH. Got me!

Snopes.com addressed this very hoax in a January 2017 article that was updated in September 2017.(Are Facebook users secretlyfollowing you?) Snopes traced the origin to a rumor post being circulated that Facebook security teams were paid to follow individual accounts. The post read similar to the one pictured except the user was instructed to enter ‘Facebook security’ in the block users search box. While this did return a list of people, it was determined to be people who had used ‘Facebook security’ in their profiles. In September 2017, the hoax took on the form we have pictured. However, now following the instructions returns a list of people that have “me” in their profiles.

In fact, the search box reads

So the hoaxers set you up with instructions that return what they want, a list of people you’ve never heard of, which gives validity to the hoax. Which gets it forwarded. And on and on and on it goes.

Please feel free to share. See the blog archive for more posts about privacy.
Are you being watched? February 2018

Time Expired on parking meters November 2017

Cleaning up online presence September 2017

Skimmers August 2017

Public WiFi for dummies July 2017

If you ever want to see your files again… August 2016

What did you say? August 2015

Keys to the vault August 2015

Scam websites

 Note: This post was originally published on November 27, 2016 and has been updated with new information.

On top of all the safety concerns we have for shopping in the real world, you have to be careful online as well.  Not only from identity theft issues but bogus, price too good to be true deals, on fake websites and fake mobile apps.

You use to be able to look at a website and have your spider sense tingle warning that this doesn’t look quite right. But now, at first glance, it’s hard to pick out a thrown together site. Site building skills and packages are such that pretty much anyone can construct a site that looks like a multi billion dollar corporation is at the other end. When in reality it’s a small time operation or worse an out of country company that is selling bogus products or collecting personal data.

Scam Busting

One quick way to tell if the site is not quite on the up and up is to take a tour and make note of the grammar. One thing the scammers haven’t quite grasped is writing in grammatically correct English. Sites that do not pay attention to simple grammatical structure probably don’t have your best interest in mind. We’re not talking about a typo here or their or misusing there,  they’re, or their, you'll see serious grammar issues that scream no quality control. But don’t use this as your only method.

There are several “detectors” that can be found online that you enter the questionable website address and the detector gives you a report on the site, including a score, location, technical data, owner, and contact information. One such site is Scamadviser.com. [This is just one of many and no endorsements are being given.] This site seemed to provide the most detailed information that online users could use.

If you’re not sure of a site, run it through a “scam busting site”, you should be able to get enough laymen details to make a determination if the site in question is someone you want to provide your credit card.

Typosquatting

In the early days of the Internet, criminals would identify the most popular retailing websites and then figure out the commonly mistyped spellings of the retailer’s names. They create their own sites under the misspelled names. Users always misspelled Amazon, or example. Type in Amason, and you are directed to the scammers’ site. Companies figured this out and began buying up the domain names associated with the misspellings.

The technique is called typosquatting. The practice diminished but is picking up popularity again. It’s hard to think of or even buy every possible spelling combination, so criminals are able to slip past the gatekeepers. The fraudulent sites are very close facsimiles to the real sites. Once a user interacts, malware is downloaded onto the users computer and/or information is stolen.

Mobile devices are targeted as well through fake retail apps sold in smartphone stores. The apps mimic legitimate retailers, but they install malware that steal identity, financial information, and sometimes install ransomware (If you ever want to see your files again August 8, 2016) The RiskIQ cybersecurity company estimates that 1 in 10 Black Friday apps were fraudulent. The biggest app stores fall victim to fake apps. Retail apps may be safer downloaded from the retailers website.

  

Another oldie but goodie is fake shipping notices sent via in email. They are always prevalent but become more so when criminals know that there will be an increase in online shopping/shipping. The notices can look real and appear as they are from a retailer from which you recently purchased. With the flurry of shopping everyone does at this time of year, it’s easy for fake notices to lost in all the emails received. Know what you purchased and from whom, monitor the confirmations and shipping. Most companies will send out a confirmation email, a product shipped email, and possibly a follow up.  Be on guard for anything more.

It’s hard to say stick with nationally named brands and big retailers. Lots of small businesses make their living through online sales and often have good deals especially on unique items. Just as if you were shopping in the real world, you wouldn’t buy from a questionable character off the street, so do some research before you buy online. And watch out for too good to be true deals, especially on hard to find items. Use common sense.  Check reviews. Do your homework.

Be safe. Enjoy the thrill of the hunt.

See our blog archive for other posts relating to shopping safety:

Gift cards-Less than you bargained for? December 2012

Psssst...Need some speakers? December 2015