Online hoaxes are more than just a nuisance, they have become one of the top ways to spread malware. Between fake news stories and false hopes, users are more at risk for being hacked then ever before. (Hint…this blog may amaze you, but it certainly won’t change the world or make you look 25 years younger).
Online hoaxes may seem innocent on the surface, but they can lead to information mining, data breaches, and viruses. As you read this post you’ll see that in many ways, identifying these hoaxes is much like protecting yourself from email phishing attempts.
Since your employees are the first line of defense for your network’s security, it’s important to educate your employees to spot online hoaxes.
Fake News vs Satire
Satire has been around quite some time. In fact, one of the earliest examples of satire was discovered in writings found in ancient Egyptian excavations. Satire is meant to be taken lightly; it is full of heavy sarcasm targeted at what could *almost* be a true story if it didn’t cross the line into absurdity. Satire sites like the Onion and World News Daily Report are prime examples.
Fake news is entirely made up, usually for political reasons, with no attempt at irony. Fake news is meant to be taken at face value with the hope that the reader does no additional research and spreads the story throughout social media so more people can read it and be misled.
The problem with fake news is that it can be made to appear to come from a legitimate source. There may only be some very subtle differences between the fake news site and the legitimate one.
This brings us to our next point: spotting phony URLs.
Does the URL Seem to Be Legitimate?
Hoax URL’s are meant to mirror legitimate websites, but you will find something slightly off about them. Sometimes it’s a misspelling of the site’s name, other times it might be a different domain name (.net vs .com, for instance). If your employees have any doubt about the authenticity of the URL, advise them to log directly into the website using their browser instead of clicking on the link.
Like checking for URL legitimacy, users also need to verify that brand posts are coming from the official brand website. Some users see offers from their favorite brand and click on them without thinking about it. Dunkin’ Donuts is one example, with phony offers from fake sites urging users to click and claim their “free donut.”
Some red flags that an offer or post isn’t coming from a legitimate brand site include:
- Misspellings
- Poor grammar
- Lack of verified badges for the fake site on social media sites like Facebook, Twitter, and Instagram
- Lack of likes, shares, or posts on the fake company social media page
- Deals that are too good to be true
That last point is so important, it deserves its own segment.
Deals That Are Too Good to Be True
We all want the most “bang” for our buck, but most of the time if a deal seems like it is too good to be true, it is. Cadillac is giving free cars to the first ten people who register? Doubtful. Nike is giving away a free pair of high-tops to everyone who shares their posts? Unlikely. Miracle cure for cancer? Not verifiable.
Any post that invites you to click a link to register for a free big-ticket giveaway or a product that claims to be “a miracle” is, most likely, not legitimate. If you’re not sure, visit the company’s website and check to see if they have any contests or giveaways listed. Never click the links provided to “claim your prize.” Or to “check out this unbelievable story.”
That leads us to our next point in spotting online hoaxes.
Online Hoaxes Frequently Involve “Unbelievable” Stories and Headlines
“Lose ten pounds overnight while you eat ice cream!” “Try not to gasp when you see…” “Meet Ricky, the violin playing racoon!” “JFK spotted at Popeye’s in Wisconsin decades after his death!” “Cleopatra Zoombombs corporate meeting from beyond the grave!”
Catchy headlines are meant to entice you into clicking the post, but when you do, you’re greeted with click-bait (at best) or malware. If you’re lucky, you may get to piece together some kind of story between all the ads, but if you’re even luckier, you never clicked those links to begin with. What you will most likely find is text that’s completely unrelated to the headline, full of advertising and grammatical errors.
Speaking of grammatical errors, read on to see how spelling errors and goofy grammar are red flags for online hoaxes.
Does the Headline Contain Glaring Grammatical Errors or Misspellings?
Legitimate sites have a copy-editing process to weed out spelling errors and grammatical mistakes. If the headline you are reading hurts your inner Grammar Police settings, it’s a dead giveaway that the referenced “posts” are not legit.
Many of these headlines will not roll out smoothly in your mind as you read them. Stilted, unnatural styles of writing are usually indicators that the posts have originated from outside the United States rather than the US based companies they claim to represent.
Much like duplicate friend requests on Facebook, grammatical errors indicate something is amiss with the post.
Did You Receive a Friend Request from Someone You’ve Already Friended?
It seems every other day you read warnings from your friends: “I’ve been hacked. If you receive a friend request from me, don’t accept.” Hackers recreate existing profiles and send out friend requests hoping that you don’t realize you are already friends or that a familiar name will make you more likely to accept them. Once in your friends list, these bad actors can spread their bad intentions to your entire list. They might send inappropriate messages with your name on it, or private messages with infected files and videos.
Obviously you never want to click a video from anyone in a private message, but you should also double check that you are not already friends with a requestor. Contact your friend on the profile you already have in your friends list and verify that they have made a new account. Be wary of any requests that come from a “friend” with only a handful of contacts and no shared or mutual friends.
Another tactic is for a hacker to make up a fake profile completely, sending you a friend request based on shared experiences or hobbies. We’ve all seen Catfish: The TV Show and can agree: this rarely turns out well. This strategy aims to collect personal information and spread requests to your friends list, where more information is collected.
It can be challenging to track who is looking at your profile and sending these unwelcome friends requests, even if you receive an offer to download an app to let you see who is viewing you. This brings us to our last warning about online hoaxes.
Does the Post Offer You Ways to See Who Is Looking at You?
If a post promises you ways to see who is looking at your profile, run. Arguably, Alexa and Google are the only ones that can spy on you, according to some online hoaxes.
Facebook and other social media sites have privacy policies that block users from seeing this information, so any post promising you access to your profile views is not legitimate.
Online Hoaxes: A Final Word
Hackers are upping their game every day, and the ways they try to trick users are increasingly becoming more sophisticated. Social media users tend to let their guard down, anxious to see that hilarious memes list or to find out how they can look 30 years younger by using this magical cream twelve times a day for eighteen weeks (free .05 ounce sample of the miracle cellulite cure included with any paid order).
Remember the basics of online hoaxes:
- If it’s too good to be true, it is
- If it’s too unbelievable to be believed, don’t believe it
- If it claims the impossible to be true, it’s impossible that it’s legitimate
- If it contains too many misspellings or grammatical errors to be taken seriously, don’t
- Choose your “friends” carefully, and only once
Iconic IT can’t save you from the embarrassment of getting caught liking your ex’s pictures or accidentally commenting on a post that’s four years old, but we can save you the hassle of being infected by the malware frequently contained in online hoaxes.
Contact us for a risk free, no obligation consultation and see how we can help you keep your network running safely and smoothly.
And that’s no hoax.