mobile phone on login page

 

Think twice before using Google or social media to sign in. Scammers use fake sites to steal your account.

In today's Fraud Defense Tip, we are talking about websites that give you the option to log in using your Google or Facebook account to create profiles. 

 

Example: Member Exclusive Deal

You receive an email that appears to be from a national retail store, offering a member-only special discount for an item on your wish list. You are instructed to click the link to log in and claim your discount before it's too late. If you click the link, you will be taken to what looks like the retail stores' member login page, where you are given the option to log in using your Facebook or Google account. If you enter your account login information, cybercriminals will steal it and take control of your account.

 

Here’s how it works:

  1. Scammers will use any kind of tempting offer — jobs, exclusive deals, giveaways, member perks — to trick you into handing over your account login credentials.
  2. The website is a fake, likely containing a small error in the URL address, such as a missing letter or missspelling
  3. When you enter your login credentials, scammers have instant access to the information and will quickly act to take over your account and spread more scams, or worse, steal if your money, if you entered your financial account information.

 

Why Fraud Alert Scams Are Dangerous

Login scams are especially dangerous because you are handing criminals direct access to your online accounts. If a scammer gets your Google or Facebook credentials, they may be able to gain access to every site or app you have set for easy sign-in. Once inside your account, cybercriminals can change your password and lock you out. From there, they can start messaging your friends, pretending to be you, and spread the scam in your name. And let's not forget the potential financial loss if your account credentials are tied to stored payment information or business tools, allowing criminals to make purchases, drain your account and pretend to be you as they scam others.

 

How to Protect Yourself From Login Scams

  • Pause before you click - Hover over the URL and look for red flags in the URL, an extra character or a misspelling. When in doubt, assume it's a fake and verify by going to the company's official website.
  • Log in directly from the company's official website - If you get an unsolicited email, don't use the link in the email to log in. Open a new browser window and type in the company's official website. Better safe than sorry.
  • Skip quick sign-in - Don't use social media or Google logins when signing up for new sites. Create a unique username and password instead. Do your research first to verify the company and website is safe. 
  • Use Multifactor Authentication (MFA) – Turn on MFA for Google, Facebook, and other accounts to add a layer of protection.

 

Learn More and Stay Informed