Imagine receiving a message that makes your heart skip a beat! Clicking the link makes your smartphone skip a beat too!
Recently, Facebook users in the Philippines were ensnared by a ruse where they were tagged in comments to a post about a sex video. The notification redirected them to a community page which urged them to click on a link to the salacious video.
No prizes for guessing whether the link led to a malware infection instead.
Note that similar social media phishing ruses involving sex videos or “Is that you in this porn video” notifications have been circulating long before this latest incident, affecting hundreds of thousands of users quickly due to the sexy nature of the ruse topic.
According to Yeo Siang Tiong, General Manager (Southeast Asia), Kaspersky, scams based on social engineering are built around how people think and act. Attackers may use emotional manipulation to convince you to take an irrational or risky action that you otherwise would not. “Fear, excitement, curiosity, anger, guilt, and sadness are emotions normally used to convince an unaware, clueless person.”
Using some truth as bait
Yeo noted that trust is important among users on social media platforms, and it is also an essential bait in a social engineering attack. Users are usually tricked by accounts they follow, usually under the names of people they know and trust. “It’s cliché but the rule of thumb in internet security is always think before clicking.”
Other tips offered by the cybersecurity expert are to set strong unique passwords, take advantage of the security and privacy features of the platform, and control who can tag you or who can see your posts.
“Because Facebook (and similar platforms) regularly makes changes to their settings, it’s worth your attention and time to check your own saved settings from time to time to update it for maximum privacy.”