Social Media phishing

The Social Scam: Phishing Attacks Through Social Media

Social media is increasingly becoming a favorite place for scammers.

Are you interested in knowing what you can do, or do you just want to know the extent of the problem?

Go ahead and read this blog!

Social media plays a major part in our day-to-day lives. Most of our day is spent on at least one social media platform. These channels not only give us daily news updates, but we also use them to purchase goods from pages we follow and the posts we see (clothes, home décor, accessories, etc.).

It is estimated that 70% of Americans have at least one social media account that they use regularly.

This provides ample opportunity for scammers to prey on social media users. Clicking on a link found on a suspicious website is no longer the only way you could become a victim of phishing (for more tips on how to identify and avoid phishing attacks through websites, you can check out this blog on Telepathz).

While this was one of the original phishing methods used by scammers, they have since evolved to capitalize on our heightened social media addiction.

What is Social Media Phishing?

Since the advent of the internet, scammers have developed various ways by which they prey on the users of its different services. Prior to the rise of social media, emails were the primary means through which many communicated via the internet (check out this blog on Telepathz to ensure that you don’t become a victim of phishing through emails).

Social media channels are now used more frequently than emails, and scammers have adjusted their focus to launch their attacks through these channels. Social media channels are a great platform for information sharing but also have many weak spots that scammers use to their advantage.

Scammers can impersonate or compromise accounts of reputable organizations and then use these accounts to build trust and trick users into disclosing sensitive information on these platforms, usually with a high rate of success.

In fact, 66% of targeted or spear-phishing attacks on social media sites are opened by their intended victims (for more information on how you can avoid spear-phishing attacks, you can check out this blog on Telepathz).

Scammers commonly use fake login pages to capture their victims’ social media login details and go on to use these details to launch more scams and phishing attacks through the compromised accounts.

Most victims fall prey to phishing attacks through social media channels because they lack knowledge of the dangers lurking in their social media feeds and inboxes.

Phishing Attacks Through Facebook

The main goal of a phishing attack on social media is to look legitimate and gain the trust of the victim. Facebook is the perfect platform for this type of phishing attack. Users on Facebook usually follow more brand or business pages to keep track of offers, discounts or even new products.

Thus, these users are more comfortable with clicking on links, downloading apps or even providing their personal information if, for instance, they think they have found a good deal on a product or service they would usually purchase.

These pop-ups with links may display the name of a mutual friend who has already liked the page, further prompting users to trust these links on the assumption that others they know have also clicked on them.

A common Facebook scam begins with a scammer sending a friend request to a user. Once this request is accepted, the scammer posts a message on the victim’s wall with a link.

There would also be a message attached to the link that would encourage mutual friends to click on this link to find out more. Once this link is clicked, they would then be redirected to a login page that will ask for the user’s Facebook login details.

The scammer then copies these login details and hacks into the user’s account and may repeat this process to target more users.

In 2021 alone, the personal data of over 500 million Facebook users was posted online on a low-level hacking forum. This goes to show that scammers are always on the prowl and will try their luck in various attacks.

Facebook Messenger is also fast becoming a popular channel that is used by scammers to send links to fake Facebook login pages. These fake links could even be disguised as YouTube videos that are shared by a friend. Users will click on the link without doubting the origin of the message as it appears to be sent by a friend.

And compared to posting on the user’s wall, a direct message is more personal. The victim has a higher chance of trusting this link and usually wouldn’t think twice about clicking on it.

Phishing Attacks Through Twitter

Twitter is used by many brands and businesses to distribute their content and engage with their customers, providing regular updates on their products or services.

However, it is also an ideal platform for machine-generated phishing attacks. Usually, phishing campaigns on Twitter take the form of correspondence from accounts that pose as well-known brands and businesses, and may even pose as Twitter itself.

Most customers contact the Twitter accounts of brands and businesses directly for support rather than using traditional channels, as this is a more effective method of getting help.

It is important to keep in mind that only verified accounts will have the blue checkmark badge to prove their authenticity. Users should also be on the lookout for slight misspellings or variations in user handles.

For instance, @AmazonHelp is Amazon’s legitimate support account. However, @Amazon_Help is a fake account that is used to steal personal information from users.
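The handle check described above can be automated. The sketch below is an added example, not code from the original article: the allowlist, the character-confusion map and the function names are assumptions chosen for illustration, and it generalizes the underscore case to digit swaps and one-character edits.

```python
import re

# Constructed allowlist of official handles; only AmazonHelp comes from the article.
KNOWN_HANDLES = ["AmazonHelp"]

# Assumed digit/letter confusions, collapsed to one representative character.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l", "3": "e", "5": "s"})


def skeleton(handle):
    """Reduce a handle to a form where cosmetic variations disappear."""
    name = handle.lstrip("@").lower()
    name = re.sub(r"[^a-z0-9]", "", name)  # drop underscores and other separators
    return name.translate(CONFUSABLES)


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(handle, known=KNOWN_HANDLES):
    """Return (verdict, official_handle) for a handle seen in a message or ad."""
    name = handle.lstrip("@")
    for official in known:
        if name.lower() == official.lower():  # handles are case-insensitive
            return ("official", official)
    for official in known:
        # Distance 0 or 1 between skeletons means a near-copy of a real handle.
        if edit_distance(skeleton(name), skeleton(official)) <= 1:
            return ("lookalike", official)
    return ("unknown", None)


if __name__ == "__main__":
    for h in ["@AmazonHelp", "@Amazon_Help", "@Amaz0nHelp", "@AmazonHelps", "@NasaHubble"]:
        print(h, classify(h))
```

A "lookalike" verdict means the handle is not the official one but is close enough to be mistaken for it, which is the case worth flagging to a user or a brand-monitoring queue.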

Additionally, there are also ads claiming to allow users to verify their account. Once clicked, users are redirected to a page similar to Twitter’s official login page.

This page then asks users to enter their Twitter login details, contact information and follower count, and the scammers use these details for further scams and attacks.

Alternatively, on a much larger scale, in 2020, dozens of major companies were targeted on Twitter in a ‘phone spear-phishing’ attack. These scammers targeted 130 people, including CEOs, politicians and celebrities.

Phishing Attacks Through WhatsApp

As one of the most widely used messaging apps across the globe, WhatsApp is also one of the riskiest, targeted by scammers due to its enormous user base. It was estimated that between December 2020 and May 2021, 89.6% of all malicious links detected were sent via WhatsApp.

Scammers use many social engineering techniques to ensure that users not only open the links shared but also share them within their social circles. One of the most common messages of this nature making the rounds on WhatsApp warned or offered advice to users about upcoming changes to the app.

Once this message is forwarded, the user on the receiving end will trust the warning or advice that they receive and usually won’t doubt the content of the shared message.

Scammers rely on this tactic to ensure that recipients of the forwarded messages either re-forward them or click on the given links.

Scammers also use the names of many other notable brands and businesses to send phishing messages to users. These phishing messages usually confirm a prize that has been won or money that can be collected.

Scammers would even use the same logos and font that the brand or business would use, to ensure that the victims won’t doubt the validity of the message.

Phishing Attacks Through Instagram

In recent years, Instagram has become one of the most popular social media platforms in the world. However, for this very reason, it is also a prime target for phishing attacks.

Using a similar method to that of the phishing attacks on Facebook and Twitter, scammers gain users’ trust by pretending to be friends or followers.

Once a victim accepts these follow requests, the scammers encourage their victims to click on the links in their Instagram bio to find out more about, for instance, a product or service they may be selling.

Clicking on these links redirects users to malicious or phishing websites that pose as a convincing login page, where the user’s login details are then copied.

These attacks are more dangerous in nature. Victims would usually not be aware that they have been targeted, as they are then redirected to their Instagram page as if nothing has happened.

Once a user’s login details are copied, the scammer potentially has access to, or can take control of, the victim’s account for some time without the user even realizing that their data is compromised. This could also put the victim’s followers or even their sensitive data at risk.

In 2019, scammers launched a highly effective phishing campaign that sent emails from the supposed ‘official’ Instagram to its users so that they could verify their Instagram accounts and earn that little blue badge next to their username.

Once this link was clicked, users had to enter their login details for Instagram, which scammers then copied and used to access these users’ accounts.

Phishing Attacks Through LinkedIn

LinkedIn has become a very popular platform for phishing attacks in recent years. Most users assume that everyone directly contacting them through LinkedIn is a professional looking to make a genuine connection.

And since most individuals use this platform to either expand their business network or to find employment opportunities based on their skills and experience, the allure of making a valuable connection can dupe users into allowing these scammers into their LinkedIn network.

Phishing attacks through LinkedIn had a 47% open rate in 2020, with messages disguised as prospective employment opportunities or new business connections.

Once the scammers connect with unsuspecting users through false accounts, they are then able to gain access to the users’ email addresses and personal details on their profile.

Scammers then use these details to send personalized phishing messages to build trust and lure their victims into downloading malware onto their devices.

Phishing Attacks Through Snapchat

Snapchat is not as commonly used as the other social media channels and caters to a different demographic. However, malicious attacks are increasingly common.

A major phishing attack in 2018 tricked more than 55,000 users into revealing their account passwords.

Scammers then used these compromised accounts to attack more users, and this information remained visible on a public website until Snapchat was able to reset the breached accounts.

What Can You Do?

Social media networks are taking action to detect these phishing attacks and are working towards protecting users against these attacks.

Most social media apps either require or give users the option of enabling Two-Factor Authentication for logging in. This provides an added layer of protection, making it difficult for scammers to log in using copied credentials. Users should be cautious when clicking on the links that they receive.

It is vital to ensure that brand or business social media accounts have been officially verified, meaning that they have the small blue badge next to their name. Users should refrain from clicking on external links, regardless of the source.

And it is always wise to double-check with friends and followers about any suspicious online behavior of these accounts. It is vital to be on your guard for any special and exciting offers that come your way, as they are usually too good to be true.

Users are advised to practice caution in using any social media platforms as many individuals access their employment emails or documents through the same device, allowing for greater susceptibility to attack.