As I have now an ad running on Facebook, I have also more visibility.
You should know that this visibility is not in all cases directed to the ones you target to become your fans.
no no no!
You also become visible to trolls!!!😈
I’m not talking about the good, cute little guys with big eyes 👀 and colorful flying hair that live in trees! No!
I’m talking about the insidious ones. Those crawling and hiding in the most obscure corners of the Internet.
They’ll do anything to have your money. 🤑 From their twisted minds, they imagine pitfalls and traps to fulfill their most malicious ambitions.
And like if just trolls weren’t enough, there are also the “Bad Bots“…
Bad bots are sneaky little programs that trolls use to scale up their dark activities, see “The Digital Guardian Blog“. These bots are built to act quickly and replicate themselves, which means they can turn small attacks, like data mining, brute-force attacks, and ad fraud, into much bigger problems.
What is an example of a bad bot?
Imagine a bad bot that’s constantly hitting up your website over and over again in just a short period, trying to steal your data or crash your server. Not cool, right?
While some of the less severe things bad bots do include messing up website metrics and occasionally hogging resources, they can also cause serious damage. If these bots go unnoticed, they can lead to major infrastructure attacks, theft, and a whole lot more.
Now, ever wonder how much of the internet is filled with bots trying to trick you?
Spoiler alert: it’s a lot!
According to the “2024 Imperva Threat Research report“, nearly 50% of all internet traffic is from non-human sources.
And here’s the kicker:
almost one-third of that traffic comes from bad bots. 😮
Yup, those sneaky buggers are everywhere, mimicking human behavior so well that they’re getting harder and harder to spot.
How this affect me?
The most common cyber attack from trolls that general people have to deal with as soon as they get visibility on the internet is something that is called “Phishing”. The following definition can be found in Wikipedia:
Phishing is a form of social engineering and a scam where attackers deceive people into revealing sensitive information or installing malware such as viruses, worms, adware, or ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim navigates the site, and transverses any additional security boundaries with the victim. As of 2020, it is the most common type of cybercrime, with the FBI‘s Internet Crime Complaint Center reporting more incidents of phishing than any other type of cybercrime.
Well, the first times I was confronted with this sort of attack, I panicked for a long 2 seconds yelling “NOOO! Please give me another chance!” before I finally took over and realized it was fake.
Thereafter, I felt frustrated and insulted being targeted like this.
I understand it’s not personal.
So I report them when possible, or I just ignore and delete their message.
Now for me, they are more annoying than dangerous pitfalls. Thus I have to deal with it while staying careful.
Indeed.
Several times a week I’m being said that my Facebook page account will be banned or suspended in the next 24 hours if I don’t take action immediately, and correct the issue by clicking their links.
👉Sometimes it’s my profile picture (it’s a picture of myself😒) that is being attacked. They say it’s a fake and against the rights and copyrights of Neverland and it’s used without the permission of the author, etc. ;
Bullshit! 💩
👉Sometimes my ad content is against Facebook policies;
Again bullshit!
👉Sometimes they are suspending my domain name, or my Facebook page because it has received too much complaints.
That’s pure bullshit!
They are not short of tactics and bribing elements to tarnish and hack my account and it’s always a matter of urgency. They want me to believe their claim so, in panic, I would take the wrong decisions like clicking on their link and following their instructions.
How I recognize them?
In order to help me avoid those pitfalls, I made a research on how I could recognize phishing attempts by trolls and I thought that you would like to benefit from these information as well.
Recognizing Phishing Emails
Phishing emails are one of the most common ways Trolls try to trick you. Here’s how you can spot them:
- Check the Sender’s Email Address: Often, phishing emails come from addresses that look almost legitimate but have slight misspellings or extra characters. For example, instead of “service@paypal.com,” you might see “service@paypa1.com.”
- Look for Urgent or Threatening Language: Scammers often try to create a sense of urgency to make you act quickly without thinking. Phrases like “Your account will be suspended!” or “Immediate action required” are red flags.
- Suspicious Links or Attachments: Hover over any links (without clicking) to see where they actually lead. If the URL looks fishy (pun intended), don’t click it! Similarly, be wary of unexpected attachments.
- Generic Greetings: Phishing emails often use generic greetings like “Dear Customer” instead of your actual name. Legitimate companies usually personalize their emails.
Identifying Fraudulent Facebook Comments
Facebook is a great place to connect, but it’s also a hotspot for scammers. Here’s how to keep your guard up:
- Too Good to Be True: If someone comments that you’ve won a prize in a contest you didn’t enter, it’s likely a scam. Remember, if it sounds too good to be true, it probably is.
- Strange Links: Be cautious of comments containing links, especially if they are from people you don’t know. These links can lead to phishing websites designed to steal your personal information.
- Poor Grammar and Spelling: Many phishing attempts originate from non-native English speakers. If the comment is riddled with grammatical errors or odd phrasing, it’s a red flag.
- Requests for Personal Information: Legitimate businesses or people will never ask for your personal information in a public comment. If someone is asking for your email, phone number, or other personal details, don’t respond.
In my case, trolls often presented themselves as a Meta employee within a comment I received on Instagram, Facebook or Messenger. When I found the threat in my email inbox, they often disguise themselves under the traits of some group or business.
In their template, they may even have a nicely crafted icon, or some picture taken from a trustful company, to add credibility like “MetaMask”, a software cryptocurrency wallet, that looks in relation with their topic, but has nothing to do with my online activities. See the example I pasted here.
If I don’t recognize the sender, I google the name to find out. This could give hints on the legitimacy of the email.
For example, I received several emails pretending being from OVHCLOUD. The message was saying that my subdomain name will be erased and that they sent me several alerts to tell me. The sender address was different for each email but always with a domain that looks like it comes from OVHCLOUD.
After a fast search I found that this is a web hosting company, providing internet related services around the globe.
The company probably provides subdomain hosting services, but I have no concern with them. What rights do they have to banish my subdomain name? And for what reasons? My domain and subdomain are not even hosted by their servers and I’m not using any of their services.
For comparison, I give here two similar phishing emails I received (If you look at these images on a mobile phone, I apologize, you will have maybe to zoom in a little):
By observation, you see the urgency of taking action is a common thing.
Look the link in the text that differs in the convention used to access the case id.
Note also the signatures which differ between emails. The look is far from being professional.
“Meta Business” is not a real entity or business, it doesn’t exist alone. The real Meta will not identified itself like this.
Finally, look at the email addresses which have nothing to do with Meta. 😤
Staying Safe Across the Internet
Phishing can happen anywhere online, not just in emails or social media. Here are some general tips to keep you safe:
- Use Two-Factor Authentication: Whenever possible, enable two-factor authentication on your accounts. This adds an extra layer of security by requiring a second form of verification.
- Regularly Update Passwords: Make sure you use strong, unique passwords for different accounts and change them regularly. Avoid using easily guessable information like birthdays or common words.
- Stay Informed: Scammers are always coming up with new tricks. Stay informed about the latest phishing tactics by following tech news and cybersecurity blogs.Now that you’re armed with these tips, it’s time to put them into action.
Now that you’re armed with these tips, it’s time to put them into action.
I just wanted here to bring a head up on these trolls activities so that you don’t fall into their threats. Because sometimes they look very realistic and can get your anxiety to level up for the time you figure it out.
Stay alert and always think twice before clicking on links or providing personal information online.
But don’t stop there! Share this knowledge with your friends and family. The more people know about phishing, the safer we all are.
Stay safe out there!
Martin
P.S. I’m curious to know if you have had such experience of falling into a phishing attempt and what was the consequences for you? Let me know in the comments below it will be a pleasure to hear from you. 😊
Leave a Reply