Social media helps create personal and business connections such as individuals seeking job opportunities or startups looking for capital. Scammers know how to use social media for new prospects as well.
The San Diego-based Identity Theft Resource Center reported that LinkedIn, and its 500 million users, is one of those trustworthy social web sites that scammers use to cause potential victims to let their guard down and fall victim to a bogus loan scam.
In 2017 there were 30,034 reports of loan/lease fraud alone, according to the FTC, so finserv organizations need to worry about the rip-offs and the black mark it leaves on the industry even if they are not directly – or indirectly – involved.
The ITRC described how the LinkedIn scam works, “you might receive a LinkedIn message that appears to be from a legitimate company or someone you know, offering financing for a personal loan.” But instead, it is a scammer capable of capturing personal info via this loan form, which can lead to identity theft. “If you are a LinkedIn user, be on the lookout for messages from accounts that appear to be trustworthy. If a job offers you a loan or other opportunity, be mindful of handing over your personal data or money.”
The ITRC recommends remaining cautious about clicking links, downloading forms or opening attachments. “If possible, request a direct website to find the necessary form instead. Always make sure you know the source before submitting any sensitive information.” Once fraudsters gain access they can sell personally identifiable information on the darknet, use stolen account data to receive or transfer money, or purchase goods.
Since 1997, the FTC Sentinel has collected tens of millions of reports from consumers about fraud, identity theft, and other consumer protection topics. During 2017, Sentinel received nearly 2.7 million consumer reports, which the FTC sorted into 30 top categories. The top three categories were debt collection, identity theft and imposter scams. Of the 1.1 million fraud reports, 21% reported a loss. There were $905 million total fraud losses with a $429 median loss.
The ITRC reported there is no shortage of scams, fraud attempts, data breaches, and hacking. “It doesn’t matter who the victim is: personal tech users, companies of every size, senior citizens, even school children. Criminals who are after your identifying information or your money have no moral compass when it comes to stealing.”
“But all too often, victims end up doing the dirty work for the criminals. Whether it is falling for a scam, handing over their information, or installing a virus on the network, if a criminal can trick you into doing his bidding, you are making his job easier,” the ITRC said in its blog.
“One of the common strategies scammers use is known by several different names, depending on how it played out,” the ITRC contended. Spoofing, phishing, smishing, and boss phishing are just a few of the labels used to identify the same kind of attack, which involves getting recipients to comply with the message. Many of these attacks originate in phishing emails, but smishing (from the term “SMS phishing”) comes through text messages, while spoofing and boss phishing come from someone known by the company or individual.
What is the common denominator in these kinds of attacks? A link. Once clicked, the individual is either redirected to a fake website and encouraged to input sensitive information. More often, simply by clicking the link they have already downloaded a virus to their computer or mobile device. The virus will then search the device for information, and even send itself to everybody in a contacts list by pretending to come from the clicker.