Many people seem to be getting their accounts hacked these days. A lot of the time, it’s not entirely the fault of the victim, but a result of the company that holds the accounts getting its servers hacked.
For example, say you have an Amazon account because you bought something one day. Amazon gets hacked, giving criminals access to 500,000 accounts, and yours happens to be one of them. Other times, though, criminals get access to your account because of something you unknowingly did. This process usually starts with the criminal sending you an email. So how do you protect yourself and spot these scams?
Lately, a lot of these emails are coming through social networks. I have a good example here that comes from Twitter: an email that was sent to a friend of mine and eventually led to their Twitter account being compromised. The way these Twitter scams frequently work is that a scammer gets access to somebody’s account and starts sending direct messages to everybody who follows, or is linked to, that account, with something intended to draw them in. It’ll say something like “check out this picture I found of you,” or “you won’t believe what these people are saying about you.” Then there will be a link. You click on the link, and you’re usually taken to what you think is a login page for Twitter. They’re hoping you’ll sign in to Twitter so that you can see these pictures. In reality, you’re not signing in to Twitter at all. You’re putting your information into a fake form so that they can compromise your account. This happens all the time, and not just with Twitter, but with all different kinds of services, such as Facebook, Instagram, Tumblr, etc.
If you get a message like this, think seriously about whether it’s the kind of message you would be receiving from this person. I highly doubt that a company would send me a Twitter direct message to let me know that they found funny pictures of me online. So right there, I’ve got a good idea that this is a scam. If you click on the link for some reason, and in this case I really would not advise doing that, and you’re taken to a login page, that’s when you have to get really suspicious and look very carefully at the URL. I would even consider just closing the page, going to twitter.com, and trying to log in directly to the site that I know is legitimate. If I go back and click on the link a second time, and it tries to make me log in again, that’s another sign that this is not a real login page.
There are a few other things you can do to identify these fake or scam pages. Make sure that you’re on a secure connection with the website: look for “https://” rather than just “http://” in your browser’s address bar. That’s an indication of a secure connection. If it’s a fake secure connection, where they’re trying to use “https” but don’t actually have a security certificate, that will set off alarms in most modern web browsers. So that, again, is a good indication.
You can also look for a lock symbol. You may notice this symbol on your web browser most of the time when you’re surfing around, but it will be unlocked. That’s an indication that you don’t have a secure connection. If the lock is closed, that’s an indication of a secure connection. Again, neither of these two, the “https” or the lock, is a complete guarantee that you have a secure connection with a legitimate vendor. But they are indications, and when you combine them with carefully reading the email, the tweet, or whatever the social media message was, it’s a good way of alerting yourself and making sure that you’re a little more careful about what you’re clicking on and what sites you’re logging in to. Also be sure to look for grammatical errors and other suspicious indicators. You have to take a total approach and weigh all the factors together.
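
As an added example (not part of the original article), this Python sketch reads a link the way the advice above suggests, checking the scheme and the real hostname. The expected domain, the function name and the sample links are constructed for illustration, and the example goes slightly beyond the text by also flagging the “@” and punycode tricks.

```python
from urllib.parse import urlsplit

# Assumption for this example: the site the reader means to log in to.
EXPECTED_DOMAIN = "twitter.com"


def check_login_url(url, expected=EXPECTED_DOMAIN):
    """Return a list of red flags for a login link; an empty list means none found."""
    flags = []
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return ["unparseable"]

    # "https" only says the connection is encrypted, not who is on the other end.
    if parts.scheme.lower() != "https":
        flags.append("not-https")
    # Anything before "@" is a username, not the site: https://twitter.com@other.example/
    if parts.username is not None:
        flags.append("userinfo")
    # Punycode labels can render as lookalike characters in the address bar.
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode")
    # The real site is the END of the hostname: the expected domain or a subdomain of it.
    if host != expected and not host.endswith("." + expected):
        flags.append("wrong-host")
    return flags


# Constructed sample links (reserved .example names, not real phishing URLs).
SAMPLES = [
    "https://twitter.com/login",
    "http://twitter.com/login",
    "https://twitter.com.account-check.example/login",
    "https://twitter.com@pictures.example/login",
    "https://xn--twiter-constructed.example/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_login_url(link) or "no red flags")
```

Note that the third and fourth samples use “https” and contain “twitter.com”, yet the hostname the browser actually connects to is a different site, which is why the lock alone is not a guarantee.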