How to protect yourself from "blue badge" verification scams: Internet Scambusters #1,077
Do you aspire to have one of those verification "blue badges" that several social media sites are now offering - for a fee?
If you're not a celebrity, a famous shopping brand, or someone else important, you likely won't qualify.
But that hasn't stopped scammers claiming they can get you one, when what they're really after is your money and your ID, as we explain in this week's issue.
Let's get started…
Scammers Target Social Media Verification Programs
After a number of false starts, social media giants like Facebook, Instagram, and Twitter are getting serious about "blue badge" verification. So are scammers.
Both Meta (which owns Facebook and Instagram) and Twitter have relaunched programs this year offering verification badges - for a substantial monthly fee.
So, the aim is not only to make certain accounts secure but also to make a lot of money in the process. According to an estimate from Bank of America, Meta could earn more than $1.7 billion a year by charging people for a badge, which sits alongside their name on the site.
But many people don't realize that, although, in theory, anyone can apply for a badge, they're intended mainly for people and organizations that are well known and whose reputation could be put at risk by an account takeover or an imposter.
Verification is actually quite a complex process - to ensure it works safely. Which is where the scammers step in.
They create online posts or send messages saying they can arrange verification quickly and cheaply, often for a lowish one-off fee. In some cases, they may even say you've been pre-approved for verification, subject to payment.
Other times, they've been known to contact users at random, saying that verification is now compulsory and that if you don't have it, your membership of the site will be closed.
None of these claims is true.
And it's not just your money the crooks are after. In at least one recent case, victims were required to complete a whole batch of forms in which they had to provide all manner of personal and confidential information, making them ripe for identity theft.
Don't Fall For a Blue Badge Verification Scam
To avoid falling for a verification scam, here are a few things to know:
- Social media firms do not reach out to offer verification. It's up to the individuals to apply via their account settings. Any invitation you receive is likely a scam.
- They do not make a one-off charge that gets you in permanently.
- You will have to provide lots of ID information, so you need to be doubly sure you're dealing with the right site. Scammers clone sign-on pages for most sites, changing maybe just one letter or adding a word to the correct address.
Do You Really Need Verification?
As we said earlier, the use of verification badges is intended to protect those who, in turn, have a reputation to protect.
And even then, there are still security risks, albeit more remote, for verified users.
Here's what James E Lee, chief operating officer of the Identity Theft Resource Center (ITRC) had to say:
"This will be a monumental waste of time and money in my opinion… They'll just be compromised by a criminal who was able to pass the verification."
Furthermore, he said, "It's just plain wrong to charge people to verify their identity to help keep their personal information secure."
And Zulfikar Ramzan, chief scientist at data collection specialist Aura, recently told broadcaster CNBC: "When you interact with a verified account, there's a greater assurance that someone is who they say they are. However, this isn't foolproof. It is possible, although difficult, to dupe the verifying systems within these social platforms."
Avoiding an Account Takeover
The bigger danger to the rest of us social media users - the great unverified if you will - is the risk of an account hijack. The number of compromised accounts increased fourfold last year alone
The most important steps to avoid this are:
- Use a unique password for each account and don't reuse it elsewhere. Update it regularly.
- Use two-factor or multi-factor authentication (TFA and MFA) to prevent anyone who has your password from signing on to your account. See our report #687 for this - How to Easily Enhance Your Password Security.
- Don't share any codes you receive as part of your MFA.
- Always make sure you're on the correct site (that is, one that uses the exact name, like facebook.com) before signing in.
- Ignore messages saying your account has been compromised and providing a link to reset your password. Again, go to your genuine online account to check for problems.
- Don't click on links or attachments in messages from unknown or unreliable sources. They could download data-stealing malware onto your PC.
And watch out for friend requests from people you already follow. That almost certainly indicates their account has been taken over. If you accept the fake friend request, you could also be giving the scammer access to your own friends list.
Finally, if your account is hijacked, change your password immediately, tell the relevant social media company - and tell your friends in case they get a fake request that seems to come from you.
This Week's Alert
Self-checkout grab: Self-checkouts are now a common sight in many supermarkets. And they're somewhat controversial with shoppers who feel it's not their job to scan their own groceries. But now they've thrown up a new issue.
When you think of it, a self-checkout area is full of people handling their wallets and credit cards. So, it wasn't going to be long before a thief hit on the idea of stealing a card while the shopper is distracted.
Typically, the crooks work in pairs. One drops some cash on the floor right beside the shopper, who helpfully bends over to pick it up, while another crook removes a card from their wallet or purse.
Keep your hands on your wallet and your cards!
That's all for today -- we'll see you next week.