Friends, Followers, and Frauds
The Unfriendly Side of Social Media
In a world driven by ‘Likes’, how can we manage the security issues of social media? We’ll look at some of the security problems introduced by social media, how these factors are leveraged by bad actors, and some ways you can protect yourself.
Video Transcript
Good morning and welcome to our webinar about friends, followers and frauds, the unfriendly side of social media. Our speaker today will be Stacey Higdon.
If you have any questions, please feel free to put them in the Q&A section and we will get to them at the end of the webinar.
Thank you. Welcome to this presentation. We’re going to talk about friends, followers and frauds, the unfriendly side of social media. Social media has done big things to help us connect with other people in our community, people around the world, but, sometimes there’s dangers that go along with that as well.
Types of Scams
So some of the things that you need to be aware of as possible types of scams:
Romance Scams
So maybe you’ve heard of someone who they met someone online, they sent them a ticket or money for an airplane ticket and then the flight got canceled or something terrible happened and so they sent them money for another ticket and no matter how many times they sent them money for this ticket, that person just didn’t show up.
These types of scams are a lot bigger than just airplane tickets. They may ask for money for investing. They may ask for money for their business, maybe a medical emergency.
And it’s a long-term scam. They may be in contact with the victim for weeks, maybe even months before they ever first ask for money. And then they’ll ask for a little bit and a little bit more. And people have given away hundreds of thousands of dollars, even millions of dollars to people that they’ve never met, because they were convinced that they were in love.
Charity Scam
Another type of scam that we see often after some kind of natural disaster are charity scams. They may try to collect money for recent hurricane victims, tornado victims. Maybe they want to put together a memorial for a school shooting, but in these scams, the money never makes it to the place that they’re claiming it’s going to go to.
Sometimes they play a longer game and they have a fake charity set up. Maybe it’s an orphanage in another country where you can’t go visit and they’ll tell you about how they don’t have enough food for these kids. They need medicine, they need school supplies, and they’ll keep collecting and collecting and collecting. They may even have a Facebook page and they share pictures with you, but they’re always needing more and more and more. And the money never actually gets to the place that they say it’s going to.
Investment or Crypto Scams
Another type of scam you might run into is investment or crypto scams. So, this may be someone that contacts you out of the blue and says, “Hey, I have this opportunity for you, it’s risk-free. I promise returns. You’re going to get returns quickly.” But the investment never materializes.
I remember when I was a kid, we used to get phone calls to our house and they would leave a message on the voicemail saying, “Hey, I’m trying to reach Charlie, don’t tell anyone, but I found this really cool investment thing and now we’re going to make so much money, but it’s secret.”
Nobody at our house was named Charlie. There really was no Charlie. They were trying to make us feel like we had stumbled upon some secret online. It’s the same concept, just different technology.
Sometimes these may be part of a relationship scam like we were talking about before and they build this relationship with you and then they want to help you. They want you to make money because you’re such a great person and so they’ll ask for money and try to help you invest it. But again, this money never actually makes it to any sort of investment. It all just goes into the scammer’s pocket.
Fake Ads
Another thing they might see are fake ads. So these ads might be for products, it might be for services, it might even be for a contest.
Sometimes you may actually get a real product, but it’s a knock off. So maybe they told you that you were going to get this name brand purse, but when you get it, it’s not what they promised. It’s a knock-off. You’re not able to send it back. You’re not able to get a refund. You’re just out the money with a knock-off bag.
Sometimes you get nothing. Absolutely nothing. They take your money.
They send you a confirmation and then just nothing comes in the mail. There’s nobody to contact. There’s no way to get a refund. It’s just gone.
Sometimes there’s no product, but then also you have given away your banking information or maybe even installed malware on your computer by clicking on this fake ad.
There are legitimate ads. But not all of them are. A lot of these companies will also disappear after you’ve placed your order.
Marketplace Scams
So even locally, you might run across some of these. You might think, you know, Marketplace, I’m gonna buy something on Marketplace. It’s somebody local. I could trust them. Well, they may not be as local as they claim. And again, you may not ever get the product. A lot of times I’ll ask for maybe a down payment and so you’ll make the payment, you’ll go to show up and there’s nobody there.
I know of a woman who had a breed of dog that she really wanted and she found these beautiful dogs and she was ready to adopt them. She made the down payment. She drove hours to go pick up these dogs. When she got there, there were no dogs, there were no people, there was nothing. They kept making excuses and saying “Well, we can’t come because something happened to the dog. Something happened to my car. I had an emergency.” This woman never saw the dogs and that’s not uncommon.
Fake Friends & Impersonation Accounts
Sometimes the scams masquerade as people you know. They may pose as your friend. They will take pictures off of a profile of a friend and create a whole new profile. So when you see that picture, you say, “Oh, that’s my friend, I know them, I’m going to add them.”
Sometimes it’s actually they have been able to hack into somebody’s account and they now have control over that account and they’re adding people. I got a message one time from my great aunt, which would have been great to talk to my great aunt, except she had died several years before. Somebody had taken over her account and they were trying to get personal information from family members that they could use in the future for scams.
One way that they try to get around some of the restrictions on Facebook or LinkedIn for duplicate profiles. Sometimes it might add like a “Jr.” or “II” or maybe a middle name. They’ll do something that’s just a little bit different, so that way they won’t get flagged as a duplicate profile. I’ve seen people where it has listed them as “Sr.”. Well, they don’t have any kids. They’re not a “Sr.” and so we were able to flag that profile.
Quizzes & Personality Tests
Another thing that’s popular is to do quizzes and personality tests. We like to know about ourselves. We like to learn about our personalities and sometimes they’re just silly. Like what type of potato are you? I don’t know. Let’s find out well.
These personality tests will a lot of times collect personal information. They might ask you things that would be used as a security question at your bank, or maybe some of your secured profiles. They may collect information from your Facebook profile or your Instagram profile or whatever profile because you’ve clicked through and said “Yes, I agree they can have…whatever.” We like to click through windows and not actually read them and so sometimes we unknowingly give away our information.
One of the biggest instances of this would be the Cambridge Analytica personality quiz. They were able to harvest 87 billion users’ data. It ended up to be one of the largest fines ever given for this kind of data breach. And what they found was that there was an improper check of data use by Facebook. Cambridge Analytica wanted information from the person. Facebook let them have it.
And there weren’t clear permissions given by users. It asked, “Do I have permission to have your profile picture, your profile information, your contact information, your friends list,” and it wasn’t clear to people what information they were giving away. And so 87 million users lost their data to this breach.
How to Identify Scams
So we have the types of scams. How do we identify these scams? Knowing that they exist is great, but we need to know when they’re happening.
Too Good to Be True
So some of the things to look for are is this too good to be true? With the investment scams, there is no such thing as a guaranteed return. Returns are not going to be made quickly with no risk. There are no investments that are no-risk.
Maybe you see something that is ridiculously cheap; super-duper clearance. It’s probably not a real offer. People giving away free iPads, free Chromebooks. They’re probably wanting your data, and you’re probably not going to get anything in return.
Urgency or Pressure
A tactic that’s often used is they’ll give you a sense of urgency or pressure. You need to do this now. There is a timer going. You need to complete this action before this timer expires.
So what they’re trying to do is they’re trying to put pressure on you because they want you to act without really thinking. Just do it. They don’t want you to ask someone for a second opinion. They don’t want you to have a chance to really dig through the details. Maybe their name is off, maybe their grammar’s off, maybe something’s off and they don’t want you to find it. So, they need you to act quickly and they will put a lot of pressure on you to act quickly.
Suspicious Requests
Sometimes you might get suspicious requests. Maybe someone is contacting you about a Thanksgiving recipe and they’ve never, never come to your family Thanksgiving before. That’s a little suspicious. You might be asking around, it might be a duplicate profile and they’re trying to get some information out of you and they just want to open up a little bit. They want you to trust them.
Suspicious Links or Attachments
It may have a suspicious link or attachment. One that I notice a lot is sports, high school sports, football games. There will be people that will put links saying, “Hey, we’re going to stream this event”. Well, they don’t tell you what the event is.
And they’re actually not associated with anything. It’s just here’s the live stream and a link. It’s very vague. So, you don’t actually know what you’re clicking on.
They might send you something in a message and say, “Hey, can you just look this over real quick?” What am I looking over? Why do I need to look over it? So they’ll send you things, links, attachments, and just not a lot of information because they want you to be curious and they want you to click through and they want you to look at it.
A lot of times that’s when they are getting malware installed on your computer.
Grammatical Errors or Unusual Language
Check for grammatical errors, unusual language. I see this a lot with people that they’re trying to make some kind of connection with you, but they know nothing about you. So it’ll be something like, “I love what you’re doing.” or “That was so insightful.” And it just doesn’t add up to the thing. It doesn’t match up with what they’re commenting on. It’s very vague. It’s out of context. You might feel like you need some clarification. Like what? What do you mean?
They a lot of times will be trying to butter you up like, “Hey, you have so many good things to say, be my friend.” Those are some red flags that this person really doesn’t want to know you for good reasons.
Visual Cues
Look for visual cues in photos. We’ve kind of gotten accustomed to looking for it. Do you have six fingers? Oh, you’re probably AI. Maybe the lighting is off. Maybe the skin texture is just that’s not a normal skin texture.
Or maybe they’ve done a really bad Photoshop job. The face and the body, the lighting doesn’t match. Maybe the head is too big for the body. If something looks off, it’s worth looking into.
Reverse Image Search
Now one of the ways you can do this is a reverse image search. So take that picture that they sent you and you can go to a search engine and search for other pictures like that.
Scammers tend to be uncreative with their images and they will use them over and over and over again. They actually have services where you can buy these packs of images and scripts and things. And so, if it’s a scammer, a lot of times you will find that picture is easily available on the Internet. You might even search their name and the word “scam”. If it’s something that has been going on a while, other people will have reported it online and you’ll be able to find more information about it.
How to Protect Yourself
So we talked about different types of scams. We talked about how to identify the scams. So now let’s talk about how do you protect yourself from these scams. So some of these are going to be things that are just across the board going to be good, not just on social media, but anywhere.
Use unique, strong passwords
If you are using a password “123456”, “password”, something using “QWERTY”, “I love you”, “Monkey”, “Princess”, your favorite sport, a lot of other people are using those same passwords. It takes less than a second to break those passwords. So, you want to use passwords that are unique, they’re strong, and they’re long.
So, let’s just assume you’re using numbers, uppercase, lowercase, letters, symbols – all the works. So, if you have 4 characters in your password, a hacker can crack that instantly. Move it up to five, it takes them four hours. 6 characters it will take them two weeks. 7 characters it will take them two years. The current recommendation is 16 characters. That will take them 94 quadrillion years. I can’t even count that high. They are not going to get in.
You want to make sure that each of these passwords are unique, so don’t use the same password for your Facebook and your Instagram and your TikTok and your LinkedIn, because if one gets compromised, all of them have been compromised.
That’s a lot of passwords, and I understand that’s a lot of passwords. So, one thing you might look into is a password manager. Password manager requires you to keep one very strong password and then it will unlock all your other passwords for you. A lot of them will even help you randomly generate passwords, because if you’re storing it in a password manager, you don’t have to remember it in your brain anymore. You can do just random gibberish. It’s great.
Enable 2FA
Next you want to enable 2FA. You may hear this called 2FA, two-factor authentication, MFA or multi-factor authentication. So basically, it is a code or some kind of verification that you are who you say you are.
So, there’s three ways that we can, we could prove that you should have access to something: who you are (that’s your username), what you know, (that’s the passwords that we just talked about), and what you have.
So, the 2FA, that’s the what you have. You have access to that e-mail that the code was sent to. You have access to your phone that has the authenticator app, or you have access to the device that got the push notification. It’s what you have. So even if someone were to come up with your username and your password and your credentials got leaked, they don’t have access to whatever that is that’s getting your 2FA, so they can’t get in.
Check Your Privacy Settings
Check your privacy settings. Make sure that you’re not sharing everything with the world. Don’t just depend on the default settings. Actually go in and look.
There should be some kind of security setting under your profile. It will let you set up your 2FA. It will let you change your password. It’ll tell you who you’re sharing information with, if you’re sharing your contact information like your e-mail and your phone, or if that’s private, if people can look you up in your search.
An example of privacy settings gone wrong. There was a website project called Koppie Koppie where you could buy someone’s kid on your favorite mug. Not your kid – just someone’s kid.
What that was, was it was a bunch of photos on Flickr that they had used the wrong privacy setting and they made them public. So, they took pictures of these children that had permission setting saying “You can access this, you can use it for profit”. They put them on coffee mugs.
Of course it wasn’t a real business model, it was just to raise awareness. They took down the pictures of any kids that parents said please take that down. But that’s really scary to know that you may inadvertently get permission for your picture, your child’s picture, your niece, nephew, grandkid, their picture to be used for profit by someone you don’t even know.
Use Trusted Websites
And while we’re talking about buying things, use trusted websites. So, we talked about the fake ads earlier. If there’s something you’re really interested in and there’s an ad on it, there’s no reason why you can’t just Google the website and go to their actual website instead of clicking through the ad. So, maybe Amazon is showing a really cool ad for, I don’t know, a pot holder that’s awesome. So, you can go to Amazon directly instead of clicking through the ad. That way you actually know you ended up on Amazon.
Sometimes these ads, they will direct you to a fake website that looks similar, but it’s not the same. So, this way you know you’re going where you’re supposed to be.
Don’t Add Strangers
There are a lot of people that pretend to want to be your friend. In just the past two weeks I have had a K-pop star and a retired general that both wanted to be my friend on Facebook. And we don’t know any of the same people. I don’t even like K-pop. That’s on my daughter. They’re not real people. They don’t really want to be my friend.
When you add strangers, you give them access to things that you’ve set for friends only and so, part of keeping it private is protecting who has access to your information, and so we don’t want to give that to strangers.
Do Not Take Conversations Off the Platform
Especially in things like romance scams, they’re going to want you to move to something like WhatsApp or maybe an AI phone call. What they’re trying to do is they’re trying to bypass protections, especially if you’re on a dating app. There are things in place to watch for scammy behavior, and if they move you to something like WhatsApp, those protections are gone.
Listen to Banks, Friends, and Family Members
And then listen to your banks, your family, your friends. If something’s wrong, they’re probably going to tell you, and you need to listen. And sometimes it’s really hard. We don’t like being told what to do. We don’t like feeling foolish, but your family and your friends, and your bank, they’re all looking out for your best interest, so it’s worth stopping and listening to their objections.
Regularly Check Your Bank Accounts
And speaking of your bank, check your bank accounts. Look for anything that maybe things you don’t remember spending. If something looks off, call your bank. Don’t wait for them to call you and call on a trusted number. If someone asks you to call the bank, you get a text message or e-mail, don’t use the number they provide there. Go find the number yourself. Or better yet, go walk in in person.
You Are Not Alone
So if you have been scammed, I want you to know you’re not alone. Seventy-three percent of adults have been a victim of a scam or some kind of online attack. One of the key things to getting these stopped, we need to make sure people know that they can report these, that they can come forward about this. If we keep things secret, things aren’t going to change because we won’t ever get access to the scammers.
So, big takeaway, I need you to understand that you’re not alone. If you’ve been scammed, this happens to a lot of people. The people doing these scams, this is their professional job.
What to Do If You’ve Been Scammed
Report the Scam
So if you have been scammed, the first thing to do is to report the scam. Report it to the profile. There will be places to report on Facebook, Instagram, LinkedIn. They want to know because they want to shut this down. They want you to trust the people that are on their platform.
Call your local Police Department. You can call your local Secret Service office. They have a Cyber Fraud Task Force and you can find them at secretservice.gov.
Call your local FBI office. They have an Internet Crime Complaint Center (IC3). You can find that at ic3.gov. The whole point of that is to just collect complaints about cyber crimes. You want to, you want to make it very known that this has happened.
Change Your Passwords
Change your passwords, especially in romance scams. Again, people will want your passwords. Maybe an investment. They set up an account for you. Change all of your passwords. You don’t want to be giving away access to anything else that they don’t already have access to.
Monitor Your Accounts For Suspicious Activity
Monitor your accounts for suspicious activity. Again, check your bank accounts. Look for unusual logins. Maybe it says that you’re logging in from a different state. That’s a problem. Anything that just feels off, you want to monitor for that.
Contact Family & Friends
And then probably the most uncomfortable part is you need to let your family and your friends know. If you have done something to give away their personal information, or you have encouraged them to invest in a fraudulent investment scheme, you have a responsibility to let them know. You need to look out for them. You need to protect them. They need to know what’s going on.
Beyond the effects of them and protecting them – this is going to be difficult. You are going to need the support of your family and your friends. Most people, it’s common that they feel dumb. They’re embarrassed. They lose trust in themselves for a long time. You’re going to need the support of your family and your friends.
They can help you report the scam. They can go with you. They can help walk through the steps. And then they can be there to support you. You can send them things and be like, “Hey, I just, I just don’t know about this. Can you look over it with me?” This is really a time that you need your family and your friends.
If you are a family member or friend that is being told – be kind. Above all else, be kind. It has taken a lot of courage for this person to tell you that they have been involved in this scam and they don’t need someone telling them, “I told you so. Why are you so stupid?”
They’re already telling themselves those things in their own mind. They don’t need you piling on. They need you to be supportive. They need you to walk them through these four steps of things to do so that this can be taken care of.
There is actually a National Scam Survivor Day set up by the Better Business Bureau on the second Thursday in May. And the main reason for this is because there is a stigma of maybe you didn’t do enough research or maybe you did something to cause this for you.
And if we’re going to start reporting scams and we’re going to start bringing down these scammers, we need people to step up and say, “Hey, this has happened to me. I have been a victim and here’s what I can help contribute information-wise.”
So, if you take nothing else away from this, I really want you to understand that we have a responsibility to report these scams and to work with authorities to help bring them to a stop.
Be kind and be honest.
Questions
Are there any questions?
There are no questions at this time.
OK, well, if there are no questions and we’ll go ahead and end this webinar. You will have access to the webinar replay if you signed up for the webinar. You can also find that on practicalcybersecurity.com. And we’ll also be uploading it to YouTube.
All right. If there’s no other questions, then I guess we will close this meeting.
Thank you. Bye.
About the Presenter
Stacey Higdon holds a BS from Fort Hays State University, Information Security Certificate from Cowley County Community College, several certifications in digital marketing, and 12 years’ experience in web and social media. Stacey discovered a passion for web design early in her employment with Custom Internet Services. Her work with websites, social media, and other areas of online presence has allowed her to interact with clients in a variety of locations and industries. She enjoys seeing the sense of pride a well-designed website and online presence bring to business owners investing in their business.