Social media has become a cornerstone of all our lives in recent years. We use it to communicate with our friends, share content about our lives and even seek goods and services. With so much information floating around, it’s no surprise that hackers have started using social media to execute phishing attacks.
According to a recent study by Verizon, 33% of all phishing attacks are carried out over social media. Its ubiquity gives scammers a perfect opportunity to gather information on their marks and use it in social engineering against them, with a virtually endless supply of new potential victims.
Because social media platforms are all slightly different, certain niche types of phishing can pop up, which can be less evident than typical attacks. Additionally, fake profiles are free and shockingly easy to build. Users are far more likely to trust a normal-looking social media profile than an unknown email.
The best way to counter a phishing attempt is to notice it while it’s happening. This article will explain the most common ways phishing is conducted on social media.
1. Email Notification Phishing
Social media revolves around notifications. Almost every aspect of these platforms can send an update to users to bring them back to the platform or inform them. The point of contact outside the platform is always email, and the template they use is similar and rarely questioned.
Users receiving these email messages often click on the button, taking them to the notification without paying too much attention to the rest of the design. This behavior is what hackers rely on to get users to click on fraudulent links hidden in the buttons. The site it takes them to is then used to steal sensitive information via a fake password reset scam or malware download.
Since this attack is made over email, users thankfully have several safety checks they can make. These attacks always come from bogus email addresses or from lookalike addresses with incorrect domains. The design, logo position, and general spelling will also be off, and these are some of the best ways to notice a phishing attempt.
2. Facebook Quiz Phishing
Quizzes of all types started popping up all over Facebook in 2020, some using platform apps and some hosted on a different website. The titles range from “What type of childhood did you have” to “What kind of driver are you” and seem relatively harmless.
However, the questions asked during the quiz are crafted to make the victim surrender information that commonly serves as answers to password security questions. This data is then used to reset the passwords of the victim’s account and take control of it.
While these quizzes may be entertaining, it’s best not to answer them since it’s too difficult to determine which ones are legitimate. It’s also ideal to keep your social media account private from strangers and never state identifying information in your image captions (make and model of your first car, address of your house growing up, etc.).
3. LinkedIn Fake Job Scam
In recent years, the job market has been on fire, and employers are constantly on the lookout for qualified individuals. LinkedIn has allowed the recruitment process to become highly streamlined. However, it’s also allowed scammers to create fraudulent company pages to run fake job scams.
They’ll create a job posting and collect applications or message users to share it with them. Some do this to gather sensitive information to launch phishing attacks later. Others will act as if the victim got the job and mail them a fraudulent check for their first pay, asking them to send back a portion to them for whatever reason.
The check later bounces, the scammer escapes with the money, and the victim is out that amount. A request like this is always a scam, and it’s the best way to spot a fake job scam. This scenario demonstrates why it’s paramount to research any employer before applying for a job to make sure they are legit.
The same thing applies to sharing personal information with an employer. Ensure it’s done over secure communication and you fully understand why the employer is asking you for this information.
4. In-App Phishing
All social media platforms include some form of direct messaging between users. This functionality has led many scammers to create fake profiles that closely resemble those of their victim’s friends or family. They then ask users to send them money to cover a bill or share a password with them.
Fake social media profiles can be challenging to discern. Depending on the platform, scammers will have collected information such as jobs and city of birth to make profiles look incredibly realistic. Add recent photos, and you could quickly become the victim of a scam.
The biggest tell of these scams will be the sentence structure and expressions used by the scammer. They will never match the ones used by the actual person they’re trying to impersonate. Another tell is how they’ll ask for money to be sent, which won’t be a simple bank transfer. Scammers will often ask for alternate money services like Western Union or even gift cards to be untraceable.
5. Fake Customer Support
One of the biggest tasks done on social media is getting direct support from a company. The instantaneous nature of online chats makes them more convenient than long phone calls, and consumers often prefer them. This consumer need has led many companies to start dedicated support accounts.
These accounts are only a stolen logo and description away from hackers scamming people. Using these accounts, criminals will contact people who have requested help, passing as the company. They’ll then direct them to a fake login page to steal their login information. Particularly brazen scammers will even get their victims to pay for repair services.
The best way to detect these scams is with the URL of the website they send you to. It will not have the correct primary domain name of the company you think you are interfacing with. Their grammar and sentence structure are also often too familiar for a company talking to its customers.
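The domain checks described here and in the email notification section can be automated. The following is an added example, not part of the original article: it audits one notification email for a sender or button link outside the real domain. The trusted domain `social.example`, the sample message and all function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_matches(host, trusted):
    """True only if host is a trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def audit_notification(raw, trusted):
    """Return findings for one raw email; an empty list means no mismatch."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not host_matches(sender.rpartition("@")[2], trusted):
        findings.append("sender: " + sender)
    parser = _Links()
    parser.feed(msg.get_payload())
    for href in parser.hrefs:
        # hostname drops any "user@" prefix, so brand@other.test is other.test
        if not host_matches(urlsplit(href).hostname, trusted):
            findings.append("link: " + href)
    return findings

# Constructed sample: the brand name appears in the sender and in the first
# link, but neither belongs to the trusted domain.
TRUSTED = {"social.example"}
SAMPLE = """\
From: Social Alerts <notify@social-example.test>
Subject: You have 1 new notification
Content-Type: text/html

<p>Someone mentioned you.</p>
<a href="https://social.example.login.alerts.test/reset">View notification</a>
<a href="https://www.social.example/settings">Settings</a>
"""

if __name__ == "__main__":
    print("\n".join(audit_notification(SAMPLE, TRUSTED)))
```

The comparison is anchored at the end of the hostname, so a brand name placed at the front of a longer hostname does not pass. The `From` header is only what the message claims, so an empty result means no mismatch was found, not that the email is genuine.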
The Rules Of Phishing
These five threats aren’t that different from your typical phishing threats. Users need to know they are happening to spot them. It’s important to remind your users that while they live their lives on social media, they should apply the same level of caution as they do in the real world.
Always look for the message’s source, checking for identifying information like URLs and sentence structures. Never share sensitive information online in an unsafe manner. Applying these three simple rules will foil most phishing attempts on social media.