Social media scams, promising great deals and free money, are currently sweeping the Internet. Don’t believe everything you see — there’s a price to pay when you share too much information or fail to think before you click.
Watch out for these common scams1:
n Facebook: In the Facebook phishing scam, users receive an inbox message stating they have been mentioned in a comment. Scammers hope that users will click on the malicious link in the message, which will download a Trojan to the user’s computer with a malicious chrome extension. When the user logs into Facebook again, the scammers can capture their information and spread the scam to other users.
n Twitter: In the Twitter cash starter kit scam, scammers set up fake profiles on Twitter promoting a “get cash fast” scheme. Users who order the kit surrender credit and debit card information and get charged a hidden $50 membership fee. Scammers also use the information to make fraudulent charges on users’ credit cards.
n Instagram: In the selling account scam, scammers target users who are trying to increase their follower base. Unsuspecting users pay scammers a hefty fee for login credentials to fake accounts with large follower bases. After the user pays the fee, the scammers, the money, and the advertised profile disappear.
n LinkedIn: Fake job offers are among the top scams on job board websites. The scammer takes the user’s personal information from the job application, and hires the user for a short period before he or she is “laid-off.” The scammer does not pay the user for time worked, and steals personal information, such as the user’s social security number.
Please refer to Handbook AS-805, Information Security, part 363, for official social media guidance from the Postal Service™. As a reminder, do not:
n Create unauthorized social media accounts on behalf of the Postal Service;
n Post messages to social media platforms on behalf of the Postal Service*;
n Log into personal social media accounts on any Postal Service devices; or
n Link personal social media accounts to your Postal Service email address.
For more information on cybersecurity best practices, check out the new public-facing CyberSafe at USPS™ website at uspscybersafe.com or the CyberSafe at USPS page on Blue (blue.usps.gov/cyber/).
— Corporate Information Security Office,
Chief Information Security Officer
and Digital Solutions, 4-13-17
