
Tag, not it: Think before you click

The Philippines is the social media capital of the world, with the average Filipino spending roughly 102,054 hours or 11.64 years of their life immersed in the digital world. And it’s not news that the digital world has its own dangers.

Many frauds and scams in social media can severely compromise your data and privacy. What’s frightening about these is they are often hard to detect. One thing to look out for is social media tagging.

What’s so scary about a tag?

Many of us are used to getting tagged on posts or photos by friends and family on social media. We probably get tagged so often that we don’t even think twice before clicking on the link or photo in question.

Cybercriminals have seen this as an opportunity and taken advantage of it. They embed malware into videos or links and spread them on social media through tagging. Security researchers call this malicious tagging.

Here’s how the social engineering scam works. You are tagged by either a friend or a complete stranger on a post with a link. Unbeknownst to you, the person who “tagged” you is just another victim of the scam.

Once another person clicks the link, the malware automatically reposts it on their behalf, tagging another set of people on their friends list. The cycle continues.

Another version of this scam happens on messaging apps. Sometimes, we receive a link that says, “You got a gift!” or “Here’s your voucher to the brand sale!” Once clicked, it automatically sends the same link to your friends under your name.

Previous iterations of this scam would link to adult videos of celebrities or influencers, but more recent ones have included deals, promos, and even surveys.

While it’s easy enough to ignore a tagged post from a random stranger, people aren’t usually as wary when it comes to a tag from someone they trust. That’s where this Facebook fraud scam gets trickier.

When someone on your friends list clicks the malicious tag—whether accidentally or on purpose—their device or account is infected with the malware. The malware then starts tagging other contacts on Facebook without the owner knowing.

How to prevent online fraud and scams

When it comes to the internet, you can never be too safe.

If you ever get tagged on a post, even by somebody you know, do not click the link right away. You can first check whether the link is legitimate.

To do this on your PC or laptop, hover your mouse over the link instead of clicking it. The actual URL should appear on the bottom left corner of your browser.

If you’re viewing it on a mobile device, you can tap on the three dots on the upper right hand side of the post, then copy-paste the link to your notes app. You can even ask the person who tagged you what the link is about.

If the link is unfamiliar to you or it has been shortened using a third-party app like bit.ly, it’s best to stay away from it, unless it comes from someone you trust and you have prior knowledge about it. Ask the sender to be sure. Be extra cautious if the accompanying caption is trying to elicit a strong emotion, like shock or fear.
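
The checks described above (look at the actual URL, be wary of shortened or unfamiliar links) can be written out as a short JavaScript function. This is an added example, not part of the original article or any Metrobank tool; the function name, the flag names, the shortener hosts other than bit.ly, and the sample links are constructed for illustration.

```javascript
// Link shorteners hide the real destination. bit.ly is the one the article
// names; the other entries are assumptions added for illustration.
const SHORTENERS = new Set(["bit.ly", "tinyurl.com", "t.co"]);

const stripWww = (h) => h.toLowerCase().replace(/^www\./, "");

// displayText: what the post shows. href: the actual URL you see on hover.
// familiarHosts: sites you already know and expect (supplied by the caller).
function inspectLink(displayText, href, familiarHosts = []) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return { host: null, flags: ["not-a-valid-url"] };
  }
  const host = stripWww(url.hostname);
  const flags = [];

  // 1. Shortened link: the destination cannot be judged from the URL itself.
  if (SHORTENERS.has(host)) flags.push("shortened-link");

  // 2. Unfamiliar site: neither a known host nor a subdomain of one.
  const familiar = familiarHosts.some(
    (f) => host === f || host.endsWith("." + f)
  );
  if (!familiar) flags.push("unfamiliar-site");

  // 3. The visible text names one site but the link goes to another.
  const shown = displayText.match(
    /(?:https?:\/\/)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})/i
  );
  if (shown && stripWww(shown[1]) !== host) {
    flags.push("text-shows-different-site");
  }
  return { host, flags };
}

// Constructed sample: a tagged post that displays a Facebook address
// but actually points somewhere else.
console.log(
  inspectLink("www.facebook.com/photo", "http://photos.example.net/view", [
    "facebook.com",
  ])
);
```

An empty flags list only means none of these three warning signs were found; asking the sender what the link is about is still worthwhile.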

What happens if you clicked on a malicious tag?

If you accidentally clicked a malicious tag, don’t panic. There are a few steps you can take to add safeguards and protect your data.

  1. Change your password. The malware spreads by taking over your Facebook account. Change your password right away to “lock” the malware out.
  2. Review your login history. Head to your settings and see when the last login to your account was. If you don’t recognize it, report it right away to Facebook and unlink that device from your account.
  3. Report the malicious tags you see as spam. To do this, just tap the three dots on the upper right-hand corner of the post, click Report Post, and send a report. This will alert Facebook and get them to take it down before it victimizes anyone else.

You can also watch out for these signs to see if malware has already compromised your account or device.

  • Facebook. If you see any posts on your timeline that you never shared, notice any suspicious logins, or have messages in your Inbox which you never sent, your account may be infected.
  • Your device. Whether it’s a laptop, desktop, or mobile phone, check whether your device takes longer than usual to load. Also check for new applications you haven’t installed or any pop-ups or ads appearing on screen outside your web browser.
  • Browser. Check for pop-ups or ads that suddenly appear on your screen whenever you use the Internet. You may also spot some changes on your search engine or home page even if you didn’t alter the settings.

We all love being tagged on posts, photos, and videos on social media. But next time you click a tagged post, exercise caution to ensure you aren’t compromising your data.

For more information on fraud and how to avoid it, be sure to regularly visit the Metrobank fraud page for updates.