As of January 2022, there are well over 4.62 billion social media users around the globe.
That’s well over half of the world’s population, each of us using our favourite platforms to connect with friends and family or support the brands and public figures we love.
But the power of social media isn’t always used for good.
In fact, these platforms can serve as the perfect playground for cybercriminals and bad actors to do their worst. And that can mean impersonating a financial institution to phish or scam others.
In many cases, these cybercriminals want access to your online banking credentials, credit card information, and other sensitive data. In short, they’re going after your finances, if not your entire identity.
With half the world’s population scrolling social media, it’s safe to say these platforms aren’t going anywhere. So, what can you do to stay protected from social media phishing?
Let’s talk about what to look for and our tips for keeping your social media safe.
What does social media “phishing” look like?
“Phishing” refers to any kind of attack intended to deceive people into revealing their personal information so that the cybercriminal can steal their money or identity.
Social media phishing involves the creation of a fake social media profile that’s disguised as a legitimate financial institution or banking-related account. The fake profile may impersonate the organization as a whole or a customer service representative acting on the organization’s behalf.
Just like many other fraud or phishing scenarios, the cybercriminal will often attempt to make the user feel fearful, concerned, and/or rushed to reveal sensitive information or send money, like the example below.
An example of what a message from a fake account on Facebook can look like. Notice that the account is called “Vancity Support” and the link goes to fraud-vancity.com, not vancity.com.
If the user clicked the link sent by this fraudster, they’d be redirected to a fake or lookalike Vancity website that was set up to steal online banking credentials or trick users into downloading malicious software.
Sometimes, cybercriminals will use a tactic called “angler phishing” to scope out users who are looking for support or airing a complaint related to a financial institution and reply to them — hoping the user won’t realize that the account replying isn’t the official account.
An example of what angler phishing can look like on Twitter. The replying account is masquerading as a Vancity social media account – note the account name (with a zero), the use of an emoji in place of a verified account checkmark, and the use of a link shortener.
How are cybercrime efforts becoming more targeted?
In recent years, cybercriminals have taken to scouting public profiles or openly available personal information to craft very specific, targeted phishing attacks.
Depending on the profile, a cybercriminal can get familiar with a user’s hobbies, interests, employment information, and even personal details about where the user lives with a simple scroll through their social media profiles.
For example, a cybercriminal could use someone’s name, job title (from their LinkedIn profile), and current location or activities (from their posts on Facebook and Instagram) while posing as their financial institution (from their interactions on Twitter) to craft a highly convincing phishing message.
And naturally, the more specific detail a cybercriminal has about someone, the higher the chance that the target will interact with the link or provide sensitive information.
Tips for staying safe from social media cybercrime.
Phishing and fraud attempts can be upsetting if not devastating for victims. But the good news is there are measures you can take to help keep yourself safe on social media.
1. Be wary of unsolicited messages.
If you receive an unexpected message from an account or person you don’t know, be cautious and check the sender’s profile carefully. Don’t click links or provide personal information unless you’re confident that the sender is legitimate.
If the message is coming from what appears to be a financial institution, look for official logos and branding, and check for a verified account badge. Keep in mind that fake profiles will often try to trick you with their usernames, lookalike account handles (such as Vancity_Supp0rt), and symbols or emojis that look like a verification badge at a glance.
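The link and account checks described in this tip and in the two example messages above can be automated. This is an added Python example, not Vancity's own code; the official handle list, the shortener list, the badge symbols and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

BRAND = "vancity"                  # brand named on the page
OFFICIAL_DOMAIN = "vancity.com"    # official domain named on the page
OFFICIAL_HANDLES = {"vancity"}     # assumption: substitute the real handle list
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}     # assumption: small sample list
BADGE_SYMBOLS = {"\u2705", "\u2714", "\u2611"}     # check marks posing as a badge

# Fold characters commonly swapped in lookalike names onto one representative.
_FOLD = str.maketrans({"0": "o", "1": "l", "i": "l", "3": "e", "5": "s"})


def skeleton(text):
    """Lower-case and fold confusables so 'Supp0rt' compares equal to 'support'."""
    return text.lower().translate(_FOLD)


def classify_link(url):
    """Return 'official', 'shortener', 'lookalike' or 'unrelated'."""
    parts = urlsplit(url)
    if not parts.hostname:               # bare "host/path" has no scheme to anchor on
        parts = urlsplit("//" + url)
    host = (parts.hostname or "").rstrip(".")
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    if host in SHORTENERS:
        return "shortener"               # real destination is hidden
    if skeleton(BRAND) in skeleton(host):
        return "lookalike"               # brand present, but not under the official domain
    return "unrelated"


def account_warnings(handle, display_name=""):
    """Return a sorted list of warning flags for a social media account."""
    name = handle.lstrip("@").lower()
    if name in OFFICIAL_HANDLES:
        return []
    flags = set()
    if skeleton(BRAND) in skeleton(name) or skeleton(BRAND) in skeleton(display_name):
        flags.add("brand-in-unofficial-account")
    if any(ch in BADGE_SYMBOLS for ch in display_name):
        flags.add("badge-symbol-in-name")
    return sorted(flags)
```

A "lookalike" or "shortener" result is a reason to go to the official website directly instead of following the link.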
2. Don’t provide sensitive information over social media.
If the sender asks you to provide sensitive personal or financial information over social media, end the interaction — and be aware that cybercriminals will often try to make you feel rushed, concerned, or afraid in order to get you to reveal this information. Keep in mind that Vancity will never reach out to you over social media for personal or financial information.
Instead, visit your financial institution’s valid website or call the support number on the back of your bank card to validate claims of fraud or other activity.
3. Review your passwords, multifactor authentication choices, and privacy settings.
Keep your passwords strong and unique to each website or application. A password manager can help you generate and store complex, unique passwords for every website you use.
Enable multifactor authentication wherever possible, particularly for sensitive accounts, like your online banking. Multifactor authentication helps make sure that, even if your credentials are compromised, your account is more likely to stay protected. Consider using an authenticator app as your second factor, as it’s more secure than receiving a one-time code over text message.
As for your privacy settings, remember that each social media platform features different settings that you can tailor for your profile. Consider enabling settings that only allow friends or pages you follow to directly message you. And when in doubt, keep personal information about yourself to a minimum across your social media profiles.
4. If you know or suspect that fraud activity has occurred, contact us right away.
If you think you may have been a victim of fraud, unauthorized online banking, or debit card transaction activity, we can help. Report the incident to us immediately — the earlier this kind of scam is reported to Vancity, the sooner we can provide support and protect your account.
Whether you bank with Vancity or elsewhere, if you suspect you’ve been a victim of fraud, let your bank know immediately and report the incident to the Canadian Anti-Fraud Centre.
Where to find more information.
Check out Vancity’s social media page for links to our official social media accounts, as well as guidelines about how we operate on these platforms.
Found a social media account or website that’s impersonating Vancity? Please contact email@example.com.