Email phishing has been around nearly as long as email itself and it’s still the most popular way for hackers to spread viruses, ransomware, and other types of malware.
But as online society has evolved, so have these attacks. Social media phishing has gained steam as platforms like Facebook, Twitter, and Instagram continue logging more user hours.
The average internet-connected person logs about 2.4 hours per day on social media sites. These sites are built for quick reactions such as likes, replies, and retweets. That combined with the fact that people are generally relaxing and have their guard down when on social platforms makes them vulnerable to being used for phishing scams.
In the first quarter of 2021, phishing over Facebook increased by 137%.
One reason for the rise in phishing over social media is that more people have become wise to phishing through email. Many businesses implement cybersecurity safeguards against email phishing, such as email spam filtering to help block malicious threats.
But social phishing isn’t yet on everyone’s radar, and it requires different tactics to educate employees on the types of scams to watch out for. Someone who reaches out to you and seems “nice” might actually be a cybercriminal laying the groundwork for an attack.
What Types of Phishing Attacks Happen Over Social Media?
While the end goal may be the same whether someone is phishing by text, email, or social media DM, the tactics tend to get a little more personal over social media.
Here are some of the scams that are commonly used in social phishing attacks.
Impersonating Someone You Know
A common occurrence on social media is for a scammer to copy someone’s Facebook profile. They’ll then create a fake profile in that person’s name and send friend requests to everyone on that person’s Friends List.
The goal is to get you to follow them, and because you think you know the person, you’ll be much more likely to click any links they post. These links can lead you to fake login pages or to a site that does a drive-by download of malware.
Fake Customer Support Accounts
Another impersonation ploy used in social phishing is a scammer impersonating a brand’s customer service account. They’ll reach out to offer assistance, and may ask you personal questions or try to get your credit card number or password for a particular account.
Who wouldn’t love to win a large sum of money or tickets to a popular sporting event? Another phishing scam you’ll see on social media uses posts of fake contests with a link to fill out a form.
The form will gather as much personal data as possible, enough for the scammer to make some money from selling it on the Dark Web.
Videos are a popular form of engagement over social media, and they’re often used as a lure by phishing scammers. They’ll use things like a link to a purported streaming event or a video related to a hot news topic. But when the link is clicked it takes the user to a malware-infused website.
Tips for Staying Clear of Social Phishing Attacks
Always Question a Friend/Connection Request
You should always question a friend request, even if it’s coming from someone you know. This is one of the first steps a social media attacker uses because they need to connect with you to begin engaging.
If the friend request is from someone you know, then ask that person offline if they sent it before you respond.
If the request is from a stranger, then check that person out thoroughly before you decide whether to accept. A brand new account or a timeline full of nothing but profile picture posts are both suspicious.
Change Your Profile Privacy Settings
It’s a good idea to put your social media profiles on a high-level privacy setting so only your friends can see your timeline and other information. Often a phishing scammer will look over a target’s profile to find things they can use to gain trust and strike up a conversation, such as, “Oh, I also love XYZ band. What’s your favorite song?”
Avoid Clicking Links on Posts, Replies, or Direct Messages
Social media posts often use the shortened URL format, which hides the full URL, making it even harder to see when a website link doesn’t look quite right.
Avoid clicking any link you run across on social media, even one sent via DM, unless you’re 100% certain it’s from a legitimate source.
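For teams that want to turn this advice into a check before a reported link is opened, here is an added example (not part of the original article) that flags shortened URLs and hosts that only look like a company's official domain. The shortener list, the `example-bank.com` domain and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumed sample data (not from the article): a few well-known shortener hosts
# and the official domains your organisation expects links to point at.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "ow.ly"}
OFFICIAL_DOMAINS = {"example-bank.com"}  # constructed placeholder domain


def is_official(host):
    """True if host is an official domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def triage_link(url):
    """Return reasons to distrust a link. An empty list only means none of
    these checks fired; it does not prove the link is safe."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return ["not-web-link"]

    reasons = []
    if parts.scheme != "https":
        reasons.append("no-https")
    # "https://brand.com@other.host/" is really a link to other.host.
    if parts.username is not None:
        reasons.append("userinfo")
    # A shortener hides the real destination until the link is followed.
    if host in SHORTENERS:
        reasons.append("shortener")
    # Punycode labels can render as look-alike characters in a browser.
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode")
    # Brand name appears in the host, but the host is not the official domain.
    if not is_official(host):
        brands = {d.split(".")[0] for d in OFFICIAL_DOMAINS}
        if any(b in host for b in brands):
            reasons.append("lookalike")
    return reasons


if __name__ == "__main__":
    for sample in (  # constructed sample links
        "https://example-bank.com/login",
        "https://bit.ly/3abcXYZ",
        "https://example-bank.com.account-verify.example.net/login",
        "https://example-bank.com@203.0.113.7/login",
    ):
        print(sample, "->", triage_link(sample) or "no flags")
```

A link flagged as `shortener` should be expanded with a preview tool or in an isolated environment before anyone judges the destination.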
Never Give Personal Details Out Over Social Media
If you’re approached by what appears to be a company’s customer service over social media, question it and double-check to see if the account matches the one on the company’s website. Further, never give out personal information like your phone number or account numbers over social media.
How Current Is Your Employee Security Awareness Training?
Does your employee security awareness training include social phishing? Quantum PC Services can help your Sturgeon Bay area business keep your team well informed and your network well protected.
Contact us today to learn more! Call 920-256-1214 or reach us online.