Phishing attempts can come in the form of posts, direct messages (DMs) and advertisements, but how can you be sure a message is a scam? What are the signs? Knowing about seven of the most common social media phishing scams can help you protect your account and personal data.
1. Pig Butchering
The pig butchering scam is named after the practice of fattening hogs up before the slaughter. The scammer develops a friendship or romantic relationship to build trust, and then uses typical phishing tactics to get you to forfeit your account or your credit card details.
Red flags:
- You receive an unsolicited DM: People who DM you for no reason generally want something. If they claim it was accidental but continue talking to you, you must be the one to stop engaging.
- You have the same friends list: Scammers often add people from your friends list before requesting to add you to make their account seem more believable.
- They insist on taking the conversation elsewhere: Scammers insist on moving apps or getting your phone number. This way, they don’t have to worry about their account being deleted while they carry out simultaneous phishing attempts.
Considering 25% of the people who’ve reported fraud-related losses say it started on social media, you shouldn’t take the conversation to another app. Also, ignore unsolicited DMs — if someone really needs to get ahold of you, they’ll call, e-mail or send mail.
2. Fake Customer Support
In a fake customer support phishing scam, the scammer pretends to be a business when DMing you to trick you into giving up your account details. Since over nine in 10 business-to-business marketers use social media to post content, their presence alone won’t raise any red flags.
Red flags:
- The account isn’t verified: With the exception of X (formerly Twitter), big brands, celebrities and influencers are the only people who can get verified. If a customer support account isn’t, it’s a clear sign it’s a phishing account.
- They contact you out of the blue: Companies generally don’t send DMs unless you post a complaint publicly. An unprompted message signals a phishing attempt.
If you’re unsure whether the business is legitimate, check the account and compare it to its verified counterpart. Minor inconsistencies like a misspelled name or grammar mistakes mean it’s probably a phishing attempt. If all else fails, contact the official customer support line on the enterprise’s website for clarification.
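The comparison against the verified account described above can be automated. The following is an added Python example, not part of the original article; the handles in `VERIFIED_HANDLES`, the character map and the thresholds are constructed assumptions.

```python
import unicodedata

# Constructed sample data: hypothetical official handles, not real accounts.
VERIFIED_HANDLES = ["examplebank", "acme_support", "northwind_help"]

# Partial look-alike map (assumption: a real deployment needs a fuller table).
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0456": "i",  # Cyrillic letters
})


def skeleton(handle):
    """Comparison form: fold case, map look-alike characters, drop separators."""
    text = unicodedata.normalize("NFKC", handle).casefold().translate(CONFUSABLES)
    return "".join(ch for ch in text if ch.isalnum())


def edit_distance(a, b):
    """Levenshtein distance computed with one rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        diag, row[0] = row[0], i
        for j, cb in enumerate(b, start=1):
            diag, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, diag + (ca != cb))
    return row[-1]


def check_handle(handle, verified=VERIFIED_HANDLES, max_typos=2):
    """Return (verdict, official_handle_or_None) for a handle that contacted you."""
    for official in verified:
        if handle.casefold() == official.casefold():
            return ("exact", official)  # same handle; still confirm the badge
    skel = skeleton(handle)
    for official in verified:
        target = skeleton(official)
        # Identical skeleton = character or separator swap; small distance = misspelling.
        # Short names are excluded from the typo rule to limit false positives.
        if skel == target or (len(target) >= 6 and edit_distance(skel, target) <= max_typos):
            return ("lookalike", official)
    return ("unrelated", None)


if __name__ == "__main__":
    for h in ["examplebank", "examp1ebank", "acme.support", "exampelbank", "city_gardener_42"]:
        print(h, check_handle(h))
```

A "lookalike" verdict means the handle closely resembles an official one without being it, which matches the misspelled-name red flag.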
3. Fake Advertisements
The fake ad phishing scam works by getting you to click a malicious link or browse a compromised website. Ultimately, the goal is to steal your financial data or install malware.
Red flags:
- Poor-quality promotional material: Scammers phish to make money, so they spend as little as possible to set up the scam. They often use Photoshop or generative artificial intelligence.
- Unbelievably low prices: If an offer sounds too good to be true, it probably is. Scammers want to entice you to click a malicious link or input your credit card details.
Never click directly on social media ads since malware may be embedded in the image. Instead, look for the business using a search engine. Also, be wary of entering your credit card details on any unfamiliar website.
4. Deepfake Scam
A deepfake is an image, video or audio clip that imitates someone’s likeness. Scammers only need a single image and one minute of audio to create one. They might impersonate someone you know or use this technology to make their profile seem legitimate.
Red flags:
- You can see AI artifacts: AI artifacts are a byproduct of the training process. Since the algorithm doesn’t truly understand what it’s making, it accidentally misplaces things, distorts shapes and blurs textures. These are signs the content is AI-generated.
- They never send live video: While deepfaking live video is possible, the average phishing attempt won’t use it because it’s resource-intensive and expensive.
Watching for AI artifacts and odd speech patterns can help you spot a deepfake. However, considering one in five people is unsure if they can spot an AI-generated image, that might not be enough. You should also ask for an in-app video call since live videos are harder to fake.
5. Authentication Code Scam
In an authentication code scam, scammers text, e-mail or DM a malicious but harmless-looking link. They’ll say something like, “This is your code. Click here to verify.” If you follow it, you’ll end up with malware on your device.
Red flags:
- You get a code unprompted: Social media platforms will only ever send authentication codes upon request. If you haven’t requested one, someone is either attempting an account takeover or launching a phishing attempt.
- You’re asked to click a link: As a general rule of thumb, you should never click links you don’t fully trust — you’ll either get Rickrolled or unintentionally install malware.
Don’t click the link. Instead, immediately update your password using a lengthy mix of random numbers, letters and symbols. Consider adding multi-factor authentication to your account and updating your security questions to prevent future phishing attempts from being successful.
6. Investment Scam
An investment phishing scam tricks you into thinking you’re investing when, in reality, you’re giving a scammer your banking details and personally identifiable information. If you get a DM offering to help you invest in the latest cryptocurrency, it’s probably a phishing attempt.
Red flags:
- They promise high returns at no risk: If there were an easy way to get money, everyone would be doing it. Phishing scammers often promise risk-free high returns to lure you in.
- They claim to have insider knowledge: Scammers often claim to have insider knowledge on new cryptocurrencies or stock trading to lower your guard.
In 2022, investment-scam-related losses reached $3.31 billion — a $1.86 billion increase from 2021. If you don’t want to become a part of this statistic, avoid taking financial advice from social media. Also, remember never to click on any links in an unprompted DM.
7. Impersonation Scam
Impersonation scams work by using a friend’s social media account to trick you. Once the scammer takes over their account, they send phishing links to everyone on their friends list. If you click one without thinking, you forfeit your account — at the very least, your data gets stolen.
Red flags:
- They suddenly send you a link: If an acquaintance suddenly DMs you just to send a link, chances are they’ve been hacked and a scammer is phishing you.
- Their account isn’t verified: Phishing accounts impersonating big names claim they’re using an “alt account” to explain their lack of verification.
Talk to your friend directly if you feel something’s off — don’t engage with the scammer. There’s a low chance they have multiple compromised accounts, so text or call them to ask them if they’ve been hacked.
Knowing the Red Flags Helps You Protect Your Account
Keeping an eye out for minor inconsistencies and odd behavior can help protect you from becoming the victim of a social media phishing scam. Remember to keep the best practices in mind while you browse your favorite app — don’t click on links, engage with the scammer or take a stranger’s unprompted advice.