Phishing has been around for a long time and, despite greater awareness of the types of scams in circulation, it remains one of the most successful ways to con people out of money or trick them into disclosing personal information.
Cybercriminals continually adapt and tweak their scams to reach as wide an audience as possible and social media phishing has provided them with a lucrative new attack method.
There are over 3 billion social network users around the world, and this massive global audience provides the crooks with a rich hunting ground for attacks.
A recent report from RiskIQ found a 100% increase in social media phishing attacks across all social media platforms and this is only expected to rise with the proliferation of new networks and users.
Traditional email-based phishing continues to prove a lucrative way to defraud people, but social media phishing enables criminals to blend in among the masses, quietly and methodically research their potential victims, and then launch targeted attacks that often go unnoticed.
They are also quick to take advantage of a more relaxed and trusting online environment. The reason many of these scams are so successful is that users tend to be less suspicious about links on social media than they would be on other platforms.
Most common social media phishing scams
Fake customer service accounts – Social media has changed the way customers interact with brands, and customers now tend to go directly to a company’s social media channels for support. Fraudsters have been quick to take advantage of this online relationship by launching fake accounts that impersonate major brands. Research has found that 19% of social media accounts appearing to represent top brands were fake.
Fake comments on popular posts – A trending news story or popular post will tend to generate a lot of likes and comments. Fraudsters will take advantage of this large audience by adding their own comments to the posts with links to other attention-grabbing headlines. As soon as users click on the link, they will be directed to a phishing website or their computer will be infected with malware.
Fake online discounts – It’s hard to resist the lure of a cheap bargain online, but these too-good-to-be-true offers usually are! The scammers will often create a fake page imitating a big brand name, then pretend to offer a real promotion. These scams are often set up specifically to harvest user data and will require the input of personal information.
Fake trending videos – Fraudsters are adept at manipulating human behaviour to launch scams. They will often use trending topics such as national disasters or sensationalist stories to entice people to click on a video. Upon clicking the link, users are told they need to download a plug-in before being able to view the video. Of course, this is nothing more than a ruse to get the user to download malicious software.
How to avoid social media phishing scams
To protect yourself from being phished on social media, there are a number of steps you should take:
- Never accept friend requests from someone you don’t know – Social media platforms are all about keeping in touch with friends and building connections, but with so many fake accounts, users should always err on the side of caution when accepting a friend request from someone they’re not familiar with.
- Never click on links requesting personal information – Reputable social media platforms will never ask users to click on a link to update their personal details. These links will nearly always be created to steal sensitive information or deliver malware. If you’re unsure if the request is legitimate or not, go directly to the support pages on your social media network and double-check.
- Use unique login details for each account – When phishing scams are so rife across social media, it’s always best to use a unique username and password for each site so that in the unfortunate event of being phished, the attackers won’t have access to your other online accounts.
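- Only enter personal information on a secure website – The URL on a secure site will always begin with ‘https’. The ‘s’ stands for secure and means that all communication between your browser and the website you are visiting is encrypted. Encryption alone does not prove that a site is genuine, since phishing pages can also be served over https, so check that the domain name is the one you expect as well.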
- Install Anti-Virus Software – The installation of anti-virus software will help detect threats on your computer and block unauthorised users from gaining access.
- Keep operating systems up to date – It’s important to ensure that your software is regularly updated to prevent hackers from gaining access to your device through vulnerabilities in older and outdated systems.
- Use enhanced privacy settings – Regularly check and adjust your privacy settings to restrict what people can and can’t see on your profile.
MetaPhish has been specifically designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combating cyber-crime. Get in touch for further information on how we can help your business.