Social media scams and phishing attempts

Cybercriminals are rapidly evolving to target social media users and to exploit weaknesses in the automated safety settings on many social networks. The most significant risks facing users originate from scams, social engineering and phishing. Less security-conscious and less savvy users may fall for convincing content. This content can take the form of paid adverts, buy and sell listings, and seemingly harmless and engaging posts.

Newsfeed scams

Identifying and avoiding scams and phishing attempts on social media is the same for farmers as everyone else. You may encounter scams and phishing attacks on your newsfeed, in groups as well as on marketplaces. The following serves as a general guide for newsfeeds and groups only and is not exhaustive:

  • Use caution when engaging with “fun” posts. Public posts like these can be used by cybercriminals to harvest personal information.
  • Lost person posts. There has recently been an increase in the number of lost person posts on Facebook groups. While these posts may seem harmless as they are only asking you to share or comment, there are hidden risks to be aware of. The bad actors may alter the post at a later date so that it carries a different message. They may also look for soft and gullible people to target with more sophisticated scams later. This doesn’t mean you should ignore similar posts. Just look at the details before engaging. Who posted it? Was it a local authority? Do they describe the person using the metric system? Do they list Australian towns, cities and states?
  • If you see a suspicious post, do not engage with it. Do not share it, do not react and do not comment. Report it to the social network, e.g. Report content on Facebook. If the network leaves the post up, it does not mean the post is safe. Their automated systems routinely get it wrong.
  • Fake endorsements and targeted advertising. Facebook, as an example, collects a vast amount of your personal data. They can monitor your location when out and about, your online purchases and what you are interested in through your engagement with content, both on their website and on other websites. This information is used to sell targeted advertising. While most adverts are genuine, some are malicious and may be used to direct you to fake sales pages where they steal your credit card details or infect your device with malware. Many will impersonate brands or figures without the brand’s consent or knowledge. For example, you may see an advertisement that appears to be from a bank, encouraging you to invest in cryptocurrency. The ad may not have any relationship with the bank but is using their well-known brand name to create trust. Before clicking on an ad, visit the main page or website of the associated brand to see if it is legitimate. If you discover it is a scam, report it to the social network. Remember, the social network may not act on the report. This is not an indication that the ad is genuine, and it is best to block it from appearing again.

Example: What, if anything, is wrong with the Facebook promoted post below?

Social media post with Dr Karl's face but not from his account. Links to an unknown website. Contains typos and poor grammar.

Marketplace scams

Cybercriminals are increasingly exploiting vulnerabilities on social networks, such as Facebook, to run fake marketplace listings. The perception that you are engaging with a real person in a believable, local setting creates a perfect environment for cybercriminals to flourish. The goal is simple: to encourage victims to send them money for an item that does not exist. The following is a list of things that you can do to help identify potentially fraudulent listings. Some signs may be subtle, but with a little practice and vigilance, you will become a pro at spotting fraudulent listings:

  • When buying items from Facebook Marketplace or buy and sell groups, look at the fine details. For example, when buying a vehicle, is it left-hand or right-hand drive? Do the appliances have an Australian plug? Many cybercriminals will use random images found online and will not recognise these finer details.
  • Inspect the seller’s account. Is the account relatively new? Do they have many friends and are the friends local? A relatively new account is unlikely to have much experience or knowledge on how a social network operates or the services it provides. If a new account seems too 'slick', it may be a scam.
  • Watch for spelling, grammar and colloquial signs of a potential scam. Although these can be difficult to pick up, sale posts such as “yard sale” are typically found in North America while Australians typically use “garage sale.”
  • Currency symbol placements can also be a warning sign. Are prices advertised as 45$ or $45? Some countries place the symbol to the right. Also pay attention to the thousand and decimal separators. Western countries commonly use a comma for decimals (cents) and periods for thousand separators.
  • Check for signs of urgency and pressure to buy. Do they sound like a used car salesman? Scammers will use high-pressure tactics to get you to pay.
  • Do they accept cash and local pickup? Do they offer protected payment methods such as PayPal? If they don’t allow you to view the item and only accept payments through a bank transfer, this is a warning sign that something could go wrong.
  • Be aware of the PayID scam. The PayID scam is a sophisticated scam where criminals will deceive you into sending them money. The scam has several versions, which work as follows:
    • You have an item for sale and a potential buyer offers to pay for it via PayID. They will send you a message saying that to unlock their account they need to send you additional funds. They will send you a fake message that states the funds have been sent and ask you to refund the additional payment. Unfortunately, they never sent you any money, and when you send them a refund, they have successfully stolen your money.
    • Someone may have an item for sale and request payment by PayID before you can pick up the item. They often claim that other people will buy it before you, creating a sense of urgency. Once you send them money they may stop communicating, block you or give you a fake address.
  • Is it too good to be true? If it is, it’s probably a scam.

What to do after you have been scammed on a social network

If you have fallen victim to a social media scam, the first thing you should do is stop all contact. Next, you should report the scam to the social network so that the account can be investigated and removed from the platform. Following that, you should report the crime to the authorities (Report and recover | Cyber.gov.au). If the scam originated in a group, you should report the incident to the moderators so they can take action to inform other members and remove the cybercriminal. After you have done the above, it is a good idea to change the password of the social media account and any other portal that uses the same combination of email and password. You should also check bank accounts for any unusual activity. If money has been lost, report it to the authorities and ask the bank to intervene to place a hold on any unprocessed payments, recover your funds and issue new cards and login credentials linked to the account. Finally, share your experience with family and friends to raise awareness and help prevent others from falling victim to similar scams. This is covered in further detail in the section on Report and Recover.

Case study

Desperate to find stock feed during a recent drought, a farmer from Tamar Valley, Tasmania, turned to Facebook in an effort to find bales of hay for her dairy farm. While she didn’t expect to find respite, she was surprised to receive a message from a man offering help. The man claimed that he had helped several neighbouring farms in the district. While the initial contact was made over Facebook, the farmer talked over the phone to the man and arranged a payment of $3500 for several truckloads of hay that were to be delivered the next morning. The following day came and went without any delivery of hay. While many may expect a scammer to disengage from the target, the man continued to talk to the farmer, apologising for the delay and making excuses. Ultimately, no hay was ever delivered.

Tasmanian police charged a male in relation to the fraudulent activities involving stockfeed, an outcome that emphasises the importance of reporting cybercrimes.

Full story: Facebook hay scam targets Tasmanian farmers battling dry conditions as person charged over alleged fraudulent activity - ABC News
