Phishing scams on social networking sites—don’t be tricked into giving your information away!

3 June 2009

SCAMwatch is again warning consumers to protect themselves from identity theft when using social networking sites such as Facebook, MySpace and Twitter. While social networking sites can provide users with many benefits, scammers can use your personal information to steal your identity.

Twitter has recently warned that scammers have tricked users into handing over their passwords and user names to commit identity theft or steal money.

Scammers can gain control of a consumer’s email or social networking account in a number of ways. These include genuine-looking emails or messages from the site requesting the consumer to ‘confirm’ their username and password for their social networking accounts via attached links.

Once a scammer has control of a consumer’s account, they can change the password and pose as that person. Scammers use this information to send bogus emails or messages that look like they are from the registered user to request money or gain access to other consumers’ accounts.

SCAMwatch understands that scammers are posting false internet posts using consumers’ names and email account details and sending bogus emails and invitations to their friends on the social networking sites. These emails have been known to contain links to download spyware and malicious software disguised as legitimate files as well as requests for money.

There have also been reports of consumers receiving emails or messages from their online ‘friends’ or the social networking site. These contain a link to a fake login or website masquerading as their social networking site. Once a person logs into that false site, the username and password for that person is also stolen and may be used to steal the identity of that second person.

Protect yourself

  • Never send your online account details through an email and think carefully before you give away any personal or financial information.
  • Never enter your personal information on a website if you are not certain it is genuine. Don’t click on the link provided in an email or call the phone number provided; instead, find the business's contact details through a general internet search.
  • Keep your computer updated with the latest anti-virus and anti-spy ware software, and use a good firewall.
  • When using social networking websites:
    • Check the privacy settings and think about who you really want to have access to your personal information.
    • Be careful about what personal information you put on the internet, because scammers can use these details to guess your passwords or to commit fraud.
    • Check how much information about you is available on the internet—type your name into a search engine and see how many hits you get.
    • Don’t be lulled into a false sense of security—online ‘friends’ may not be who they say they are.
    • If you receive an email that appears to be from a family member or friend, look at the way the email is written and ask yourself whether the email sounds like it was written by that person.
    • If you receive an unexpected request for money from what appears to be a friend, try to contact that friend or their family or friends to verify the request. Do not use any of the contact details in the message.

Report

Report the matter via the report a scam page on SCAMwatch website.

More information

Explore SCAMwatch to find out more about phishing scams and how you can protect yourself.

Read more