Social Media Scams and the Heckin Chonker – Basic Tips for Not Getting Hacked

Social Media Scams

You’re locked out. Sweat starts to bead up on your face and the heat starts rising past your cheeks to your forehead. Your whole universe of thousands of friends and acquaintances are in the hands of someone or something that just took advantage of your wonder and your curiosity. And now you have to start from scratch and hope that you had friends in real life for vouch for your new profile.

Almost 80% of Americans are on social media, and it’s been lucrative to scammers and bots, to the tune of $800 million last year alone. With growing sophistication, bots are hard to get away from, and easy to fall victim to. But there are a few general good practices there are for protecting yourself.

First thing you need to know is the difference between straight hacking and social engineering. A programmer who uses a software tool to crack passwords or get into a network is hacking. A person who cons you into giving up your birthday to answer a security question for your bank account is social engineering.

Why knowing the two is important is because you are far more likely to be socially engineered than hacked. If you click on a video your friend sends you that they say “OMG is that you?!” and it “kicks you out of facebook,” and you sign back in, you just got phished, and you just gave your username and password to a scammer. You got socially engineered, not hacked. Scammed, not hacked.

So here are five things to look out for, or keep in mind.

Phishing

Phishing is simple. A scammer buys a website, and makes it look exactly like a social media site’s login page. The link to that page is connected to an image of a video screen, or some other picture that is designed to fool an unsuspecting person to click on it. (a video screen, and “OMG, is this you?!”) on the link. It takes them to the fake login page, and they, thinking that clicking on the link “kicked them out” of the social media site, logs back in on the fake site, giving the scammer their username and password.

The defense here is simple. No link, when clicked, will kick you out of your social media. It may do other things, but it won’t kick you out. If you wind up on a login page, look at the website url up in the top bar of your browser. It should say ‘facebook.com, or Instagram.com, whatever. If it says something else (and look carefully) it’s a sham link, and a phishing scheme.

Also, don’t click on things you don’t know. If someone sends you a link, ask them what it is. If their answer sounds fishy, don’t click.

Passwords

Passwords are everywhere. It’s tough to manage all of the passwords you need to create everyday, but they are all that stand between you and potential ruin. So this tip is about more than just social media. Passwords are ubiquitous.

I read somewhere that, in creating bear-proof trash cans, that there is overlap between the smartest bears and the dumbest tourists. That’s how passwords are, sort of. To make a perfectly uncrackable password everytime would mean you would forget it every time, or you would have to write them all down and have that paper handy everywhere everyday. It’s not practical to have a random assortment of upper- and lower-case letters, numbers, and symbols 16 characters deep. But you don’t really have to. Just keep these things in mind:

You want at least ten characters. If you can swing 16, great.

You do want a mix of upper-and lowercase letters, numbers and symbols, but you can find ways to set them up so that you remember them from password to password.

Use passphrases in your password combos. Don’t use Heckin alone; use HeckinChonker. Capitalizing the words in your passphrase is alsoi a way to get there.

Using at least ten characters, upper-, lower-case letters, numbers, and symbols can take a password program 450 million years to crack by trying every combination.

Also, change your password every six months. Companies get hacked, passwords get stolen, be safe.

2FA and Google/Facebook logins

2FA means “2 Factor Authentication.” It’s when you put in your login stuff and it sends a text to your phone. Assuming you’re the only one who has access to your phone, it’s a super secure way to log in. Turn it on whenever you can.

And this one is tough, because it’s so convenient. Stop using Google and Facebook to log into other sites. If your Facebook or Google accounts get hacked, they could have access to a lot of sites.

Sharing

This one is tough, especially in our days of “share everything.” You have to assume that that guy you added from high school that was okay back then might not be okay now. Don’t share your children’s names. Not only are you likely to use your kid’s name as a password or something like that, but you’re giving someone information that they could use against you. Say you talk about having to pick Sam up from Little League every Monday at 6pm, and someone from Barbados gets your number (easy) and they tell you they kidnapped Sam from Little League. How convincing they can be depends on how much you talk about your son online. You might be putting a grand on a gift card and sending it out to Barbados before you know it? Don’t think so? It almost happened to me with my father, and it was terrifying.

Everything you share could be employed in some scam, so just keep aware of the kinds of stuff you’re sharing. It’s impossible not to share, so just know what a criminal could know about you.

Adding Friends

This one is usually easy, the guy with generic pictures and only three of them, two friends, easy to block as a scammer. But these people get around. All it takes is one popular person to absent-mindedly accept them, and others will too. Before you know it, you have a hundred mutual friends with the person. So you add them. Then you get the message. So real simple here: you add somebody, and immediately they send a message, if that message isn’t very freaking specific, block them. Or better yet, report them.  And on a broader note, it’s good policy to actually check out the profile of a friend request.

Insta, Twitter, TikTok.

People can scam on these platforms just as much as Facebook, which, in case you didn’t notice, this article applies the most to. Insta is probably harder to scam on, but a fake profile can grift with the best with them. In fact, any platform that allows links is open to bots and social engineering, so all the platforms that have younger bases are susceptible. I think that Facebook is more vulnerable because older people are on it who didn’t grow up with bots and scammers.

So be careful out there. Nothing has to be as it seems, and if it sounds too good (or too bad) to be true, probably is.