Surprising ways that scammers use Facebook to get your personal data

You just gave away your personal data to a fraudulent social media page. Why? Because they asked you for it!

You’re a smart consumer. You don’t fall for scams. Yet, you can be a willing accomplice to a social engineering scheme without even knowing it.

Consider this scenario. A cybercriminal sets up a fake Facebook account for a favorite brand. They lured you into a false sense of complacency while they provided you with excellent, compassionate customer service. Of course they seemed genuine. Best of all they offered everything you wanted – a refund, an upgrade - all in exchange for personal details to help service your account.

Customers are turning to brand social media pages to voice their complaints. They find it more convenient and responsive than traditional customer call centers. No brand wants consumer complaints to tarnish their public reputation so they set up customer support to their brand social media pages. 

However, it’s just as easy to create a parallel brand page with content that mimics the original. On these pages scammers use methods like self-XSS or cross-site scripting to dupe the user in to copying malicious code into their own browser. Another method called clickjacking or UI redressing encourages users to click on a seemingly harmless link (Jedi kittens caught on camera), which secretly takes control of their computer and gathers personal information.

Would your customers know the real brand page from a fake?  That’s why smart brands are establishing social media monitoring as part of normal operations.

With a tool like Cafyne you can discover impersonating profiles, respond to comments on your brand pages, analyze the conversations for policy compliance and get a deep analytical score - the Impact score - to gauge the real engagement with the comments or post. Once you establish monitoring as part of normal operations you can catch sketchy behavior before it advances. Your social media accounts will continue to serve you and your customers instead of cybercriminals.