Avoid Social Media Scams
Follow these 6 steps to avoid getting phished for your credentials.
By Rebecca Gerdes
Social media is a vital part of many businesses’ marketing strategies. It enables a company to share business and product updates, reach potential clients, collect reviews, and keep up with its competitors. Unfortunately, social media has also become an easy way to be hacked or scammed.
Social media phishing scams have become a common and easy way for a hacker to procure login information for social media accounts, including Facebook/Meta, Instagram, TikTok, Twitter, and Pinterest. Here’s how it tends to happen: The hacker sends a phishing email to an unsuspecting business owner who’s already overwhelmed and busy trying to run and market the company. More than likely, the email will request that the recipient use the embedded link to reset or re-log into a social media account. The busy business owner looks it over, and it seems authentic and important. So they click.
And once you’ve clicked, it’s over. From there, the hacker can steal your login information, change it, and lock you out of your own account.
These emails come from bogus accounts that mimic official brand products and customer support accounts. They trick customers and users into revealing their account login credentials. Carefully crafted, bogus emails and accounts can be difficult to distinguish from legitimate ones. They replicate the email account as much as they can.
These phishing emails will:
- Mimic a company logo.
- Mimic a company username as closely as possible.
- Mimic the email domain as closely as possible.
- Promote a high sense of urgency, and encourage you to take action immediately so that you don’t lose access to your account.
- Request that you either send your account information to them or log in via a link provided within the email.
- Often contain spelling and grammar mistakes.
These hackers are very good at what they do. The difference in a username or domain could be as insignificant as a punctuation mark or extra letter added at the end of a username or domain.
Another common hacker move is to hold your accounts “hostage.” They will request a large amount of money in return for access to your account again. Even if you do pay them, you aren’t guaranteed to get your account back. Sadly, it’s common practice for hackers to sell your social media profile and your followers to someone else, even if you pay the “ransom.” The account purchasers take over your account and reap the benefits of the followers you’ve worked so hard to gain!
Please remember: just one click on a phishy link is enough for a hacker to do serious damage.
At this point, you’re probably a little worried. You might even be asking “Have I done everything I can to protect myself and my business from online hackers?” We get it! That’s why we’ve put together a list of six easy things you can do (and sometimes not do) RIGHT NOW to protect yourself online!
#1: Protect Your Email
Your email account is all the access a hacker needs to get to your other accounts. We recommend you update your browser, operating system, and computer software as often as possible. When a new version of a program is released, it often fixes security flaws, both new and old, that hackers use to get to your information.
#2: Use Secure Login Information
Don’t use any type of easily accessible personal information for a password. Don’t use the same password on multiple accounts, and limit the number of employees who have access to your social accounts.
#3: Delete Apps You Don’t Use
And don’t just delete the apps you don’t use. You might also consider deleting apps or programs that aren’t being updated regularly by their developers. If they’re not updating regularly, their system is vulnerable to security flaws, both new and old.
#4: Never Respond to a Password Reset Email that You Didn’t Request
If you get an email prompting you to change your password, check the email address domain and username. If it smells phishy, it probably is. And if it truly is from a service or tool that you use, visit that service or tool on your own (NOT through the email) and reset your password.
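The domain check in this step can be automated. The Python below is an added example, not part of the original article: it compares the sender's domain against a list of domains you trust and flags near misses such as an added punctuation mark or an extra letter. The domain `socialapp.example`, the sample headers and the function names are constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: domains your real services send from (constructed placeholder).
TRUSTED_DOMAINS = {"socialapp.example"}


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header):
    """Return the lowercased domain of a From: header, or "" if there is none."""
    _, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if at else ""


def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_edits=2):
    """Classify a sender as 'trusted', 'lookalike' or 'unknown'."""
    domain = sender_domain(from_header)
    if not domain:
        return "unknown"
    # Exact match or a subdomain of a trusted domain.
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    # Near miss: an added hyphen, an extra letter, a swapped character.
    if any(edit_distance(domain, t) <= max_edits for t in trusted):
        return "lookalike"
    return "unknown"  # not similar to anything trusted; this does not mean safe


if __name__ == "__main__":
    # Constructed sample From: headers.
    for header in (
        "SocialApp Security <security@socialapp.example>",
        '"SocialApp Support" <help@social-app.example>',
        "SocialApp <reset@socialapps.example>",
        "Newsletter <news@unrelated.example>",
    ):
        print(f"{classify_sender(header):10} {header}")
```

A "trusted" result only means the visible sender domain matches your list. The From line itself can be forged, so resetting your password by visiting the service directly remains the safer path.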
#5: Don’t Click on Phishy Links
Most links sent by hackers are designed to catch your eye immediately so that you click on them. Slow down and take a moment to verify that the email and links within are legitimate.
#6: Set up 2FA for Your Accounts
Two-Factor Authentication (2FA) requires you to enter a special code when logging into an account. You’re the only person with access to these codes because they come from a special authenticator app on your phone. You must have access to the device on which 2FA is set up to obtain the code and log in to your account.
Your account safety is a top priority at Hummingbird Marketing Services, and we are always here to help! If you’re ever concerned about the legitimacy of an email, social media message, or link, please do not hesitate to contact us.