Advisory 11

Priority Level: Medium

TLP Rating: White

Social Media Online Scams

CERT Vanuatu and the Office of the Chief Information Officer (OGCIO) provide the following advisory.

The CERT Vanuatu (CERTVU) office has received reports of the above-mentioned attacks on its constituents through social media (Facebook).

These fraudulent messages generally impersonate Telecom Vanuatu Limited (TVL) and Digicel Vanuatu, using their names and logos. The scams appear as promotional advertisements that claim to be authorised by TVL or Digicel and promise a reward to successful participants in the promotion. We are therefore issuing this advisory to raise awareness among all our constituents, especially those affected, of such "Online Scam attacks".

What is it?

Online scams are sophisticated messages or fake online information, often using professional-looking brands and logos to look like they come from a business you already know. This can make it difficult at first sight to know what is real and what is fake. A scam message can be sent by email, SMS, dating sites, social networking sites, instant messaging or even through videophone communications like Skype or FaceTime.

This Facebook scam falls under the category of “online scams”, which includes types similar to those listed below:

  1. Dating and Romance scam
  2. Fake Charity scam
  3. Fake online shopping scam
  4. Investment scam
  5. Phishing
  6. Remote access scam
  7. Threat-based impersonation scam
  8. Unexpected money scam

We have included the link below for further reading on the above-mentioned types of scams.

https://www.staysmartonline.gov.au/protect-yourself/recover-when-things-go-wrong/scams

How does the Online Scam work?

A scammer running an online scam will use different tactics to try to win your trust and convince you, often with very attractive offers. They can find a lot of information about you from your online profile on social media before approaching you. They may seem very genuine and believable because they use a lot of real information about you and about the promotions they are offering.

Scams target people of all backgrounds, ages and income levels across the globe. No one group of people is more likely to become a victim of a scam; all of us may be vulnerable to a scam at some time. They always succeed because they look like the real thing and catch you off guard when you are not expecting it. Scammers are getting smarter and taking advantage of new technology, new products or services and major events to create believable stories that will convince you to give them your money or personal details.

 

What it looks like

Here is a brief scenario of what this attack really looks like:

  1. While you are browsing Facebook, an advertisement pops up with the TVL or Digicel name and brand, asking you to participate in a poll which will, in return, offer you a reward.
  2. The reward is a promised Apple or Samsung smartphone.
  3. It offers a narrow timeframe to claim your gift; otherwise, it will be forfeited and given to another user (in this case it's 1 or 3 minutes 45 seconds).
  4. It provides you with a link to participate online, where you will need to answer a few questions.
  5. At the end of the poll you will be prompted to enter your credit/Visa card details to claim your gift.

What CERTVU have done

Upon receiving the report concerning this online scam attack, CERTVU has:

  1. Reached out to the affected user to get more details about the online scam.
  2. Advised the user on the possibility of being attacked by an online scammer.
  3. Reached out to the two ISPs (Digicel and TVL) to confirm the validity of the promotion/advertisement appearing on Facebook.
  4. Produced a public advisory on the attack for our constituents.
  5. Provided Internet users with, and reminded them of, the "Online Security Best Practices."

Mitigation Process

Mitigating such an attack is difficult and the chances of recovering from it are very low. It largely depends on the type of attack and the time at which it is reported to the authorities concerned. However, there are preventive approaches you can take to avoid becoming a victim of online scams. Below are some of the actions you may take to ensure you do not fall victim to any of the mentioned types of attack.

  1. If you happen to encounter the above-mentioned scam online, please resist the urge to click on the link(s) provided. Restrain your curiosity to better protect yourself from scams.
  2. Check the URL to verify the source and validity of the advertisement or promotion.
  3. Seek help from a friend or family member who has sound knowledge of IT-related issues.
  4. Call the customer care number of the organisation to confirm the validity of the information.
  5. Do not click on any suspicious link(s) that you have doubts about; trust your gut feeling.
  6. Report the incident to CERTVU or other authorities involved for further analysis and advice.

For further references to help you figure out whether you are being scammed and/or what to do about different types of scams, please refer to the link below:

https://www.consumerprotection.govt.nz/general-help/scamwatch/identify-a-scam/is-this-a-scam/

Finally, scams and attacks over social media are on the rise. You are the best defence you have at detecting and stopping them.

How do I Stay Safe?

Here are the general minimal tips and advice from CERT Vanuatu as precautionary steps:

  1. Use identity verification checks and online security best practices and tips (i.e. check and request to verify the caller’s ID and work details to prove he/she is actually calling from the legitimate office).
  2. Report the incident to CERT Vanuatu by email or call us on +678 33380.
  3. Share the advisory and precaution steps among users in your organization and communities for awareness purposes.
  4. For more information and safety and awareness tips, see: Online Advisories & Alerts

References

  1. https://www.staysmartonline.gov.au/protect-yourself/recover-when-things-go-wrong/scams
  2. https://www.scamwatch.gov.au/get-help/protect-yourself-from-scams
  3. http://cert.gov.vu/index.php/services/online-advisories-alerts
  4. https://www.consumerprotection.govt.nz/general-help/scamwatch/identify-a-scam/is-this-a-scam/