Cyber crime does not spare social media…

Security Awareness
19 April 2022

Social media have completely transformed our lives by reducing distances and time, and by crossing all traditional boundaries.

Their use is increasingly widespread, whatever the age group. According to the “Digital 2020” report by We Are Social in collaboration with Hootsuite, social media in Italy count 35 million users, 2.1 million (+6.4%) more between April 2019 and January 2020.

Cyber crime could not fail to take advantage of this scenario, and for the various social media outlets, protecting their users has become increasingly complicated.

Furthermore, in this recent emergency period, social media have certainly been among the most used tools for keeping one’s social sphere and closeness with friends and relatives intact.

And the opportunities for cyber criminals have obviously multiplied.

The numbers of economic frauds generated by misuse of social media are very high, and there are many corporate organisations that have suffered a security breach due to misuse.

What are the most common scams on social media and how to avoid them

Banners with sensational offers

Probably the most ‘familiar’ of all scams is that of sensational offers containing bonuses, discounts and unmissable bargains. And yet, despite the fact that we have seen many of these cases, they continue to be an excellent bait for the unaware victims.

These incredible economic advantages are designed to attract as many customers as possible to buy something that will never arrive, or will not be as imagined. The main objective is to steal sensitive information such as bank details, which can then be used for fraudulent purposes.

Be careful not to fall for scams by remembering that:


• In the case of unknown brands, it is a good idea to check the search engines first to see if there are any reports about them.

• It is better to mistrust the comments on the specific site. Always search for more information about the brand.

• It is better to use intermediary systems such as PayPal for payment.

• In the case of brands with well-known names, it is better not to use the link proposed by the banner but to go directly to the official site. If the offer is real, you will certainly find it on the website.


With social networks, finding love seems to be easier, but the number of people tricked is still growing.

‘Catfishing’ is one of the most common scams: the cybercriminal creates a false online identity in the hope of luring someone into a romantic relationship. Typically, this is a fake profile that uses someone else’s photo and personal details. Once the criminal establishes a relationship of ‘trust’ with the victim, the trickster will start talking about financial difficulties and the inevitable demands for money will begin.

Be careful, it could be a scam if:

• The relationship moves too quickly to a very personal level.

• Detailed questions don’t have answers.

• The scammer’s general profile is accompanied by false photos.

• Money is requested within a short period of time and there is a clear refusal to meet in person.


The quiz scam is flooding Facebook and Twitter. Quizzes usually have a fun character that arouses curiosity, such as “Who is your celebrity soulmate?”, or “Where is the best place for you to live?”.

Fraudsters use these catchy and seemingly harmless titles to lure their victims into giving them personal information or infecting their devices with malware. Among the most frequently asked questions of a personal nature are those that are often used as security questions to protect one’s account, such as the city of birth or the name of one’s pet. Having obtained this information, hackers will attempt to compromise the victim’s online identity.

It could be a scam if:

• The requested information is very personal.

Hidden addresses (URLs)

Short URLs are popular on Twitter, where writing space is limited. Cyber criminals often use this expedient to mask phishing links and dangerous websites. Because the true URL is hidden, it becomes very difficult for users to verify the validity of the link, and very easy to be directed to a site hiding malware.

Be careful not to fall for scams by remembering to:

• Copy and paste the link on sites such as ExpandURL or Google Safe Browsing, to find out if the link is legitimate or not, or if it contains malware and is not safe to visit.

Profile Hijacking

In these cases, the cybercriminal ‘hijacks’ a real profile to induce more people to accept a friendship or to exploit the friendships of the hacked account to carry out criminal activities. The variants of this scam are generally of two types:

In the first variant, an account is created that is almost identical to another person’s, using their photo, personal details and geographical location. The aim is to trick other users into thinking that this is a real and trustworthy account that they can friend, and in this way spread malicious links.

In the second variant, hackers manage to enter an existing profile and, once the password has been changed, they use the opportunity to scam friends and contacts.

Be careful and avoid scams:

• Be very careful about accepting the friendship of strangers.

• Do not share links if you have not verified them first.

• Even if it is a friend who shares a ‘strange’ link, don’t trust it just because of the friend’s credibility; they may have been the first victim.

Third-party apps

The permissions that are granted to apps to access certain features and specific data in our account can sometimes be used for malicious actions. Before granting access to any app, it would therefore be wise to check its privacy policy and how it intends to use our data.

The risk is that we may unknowingly give permission to a ‘malicious’ app to access our profile via a social media outlet and obtain personal information, giving hackers access to our online accounts.

In such cases, the general rule is to download apps only from official stores.

To summarise:

• Do not click on suspicious links, especially if they are reported by new, unknown ‘friends’.

• Only provide necessary information, and always avoid sharing sensitive information such as home address, phone number, bank details, etc.

• Use complex and different passwords for each account to mitigate the effects of a possible cyber attack.

• Install anti-virus software, which is essential for the defence of our devices.

• Keep the operating systems on all our devices up to date, to eliminate operating errors that can be exploited by cyber criminals.

• Do not use public Wi-Fi to access social networks, as there are many risks involved.

• Never download apps from untrusted sources or unofficial stores.

Raising awareness remains the first weapon against cyber crime.

