We have all been warned about staying safe on social media and how there are various scams online. Very few people actually understand how these scams work.
In the 2016 Symantec Internet Security report, Symantec give a easy to understand description of various social media scams.
These rely on victims to actually do the work of sharing the scam by presenting them with intriguing videos, fake offers, or messages that they share with their friends.
These scams invite social network users to join a fake event or group with incentives, such as free gift cards. Joining often requires the user to share credentials with the attacker or send a text to a premium rate number.
Using fake “Like” buttons, attackers trick users into clicking website buttons that install malware and may post updates on a user’s newsfeed, spreading the attack.
Users are invited to subscribe to an application that appears to be integrated for use with a social network, but is not as described, and may be used to steal credentials or harvest other personal data.
Users are invited to install a plugin to view a video, but the plugin is malicious and may spread by re-posting the fake video message to a victim’s profile page without permission. Examples include installing a fake YouTube premium browser extension to view the video, or noticing that a DivX plugin is required, and the fake plugin masquerades as such.