The latest data suggests there are nearly 4 billion social media users worldwide who engage with various platforms for communication, news, and entertainment. At the same time, threat actors are ramping up their phishing campaigns against these social media users. A phishing report by a prominent cybersecurity company, which examined phishing attack patterns from 2021, reviewed 184,977 phishing pages, generating statistics based on the billion corporate and consumer mailboxes that the cybersecurity company protects. The researchers noticed an increase in the sophistication of phishing attacks, an evolution in tech support scams, and the dominance of COVID-19 and item shipping lures.
Phishing actors concentrated their efforts on social media platforms because gaining control of individual accounts is frequently used as a stepping stone to reach a larger audience or to launch highly effective spear-phishing attacks. Phishing actors can post links to malware-dropping or phishing sites, which followers are likely to click on because they trust the account, thereby generating traffic to harmful sites. The more popular the compromised account, the larger the targeted pool. This is widely seen on Twitter, where breached “verified” accounts are exploited to promote crypto scams.
Phishing actors are especially interested in well-known brands and target them during periods of high recognition. In spear phishing, the actors may use access to compromised accounts to directly send messages to the victim’s family and friends and engage in high-level social engineering. Even if the threat actors aren’t interested in exploiting the social media account access this way, they can utilize the stolen credentials by extorting victims for ransom or selling them to other threat actors.
Other key findings in the analysis include the fact that phishing actors have become more sophisticated when targeting corporate users and their Microsoft 365 accounts. According to the report, the cybersecurity company discovered a sophisticated Microsoft phishing attack in which business logos and background images were automatically reproduced on Microsoft 365 phishing pages. The highly targeted phishing attack was designed to trigger only if the intended victim opened the email, which the threat actor confirmed by issuing an API call to Microsoft with the victim’s email address. Once the victim’s identity has been verified, the threat actors use an HTTP POST request to fetch and load the target’s employer logo and background. Dynamically loaded phishing pages are considerably more likely than ordinary phishing pages to lure victims into entering their Microsoft credentials.
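Because the branded page above looks exactly like the employer's real sign-in, the most reliable tell left to a user or a mail filter is the URL itself. The following added example (not code from the report or from SpearTip) classifies a link that claims to be a Microsoft 365 sign-in by checking its host against a short allowlist and catching the common lookalike tricks; the allowlist and brand-word list are assumptions for illustration, not an authoritative list of Microsoft hosts.

```python
import re
from urllib.parse import urlsplit

# Assumption: an illustrative allowlist of genuine Microsoft sign-in hosts.
# A production filter should take this from current vendor documentation.
LEGIT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.live.com"}
# Assumption: brand words that lookalike hosts and paths typically borrow.
BRAND_WORDS = ("microsoft", "office", "o365", "outlook", "onedrive", "sharepoint")
IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def classify_login_url(url: str) -> str:
    """Return 'legitimate', 'suspicious' or 'unknown' for a link presented as an M365 sign-in."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "suspicious"
    # Exact match only: 'login.microsoftonline.com.evil.example' must not pass.
    if host in LEGIT_LOGIN_HOSTS:
        return "legitimate" if parts.scheme == "https" else "suspicious"
    # Userinfo in the authority ('https://login.microsoftonline.com@evil.example')
    # makes the real host appear after the '@'; a sign-in link never needs it.
    if parts.username is not None:
        return "suspicious"
    # Punycode labels or non-ASCII hosts are the vehicle for homoglyph lookalikes.
    if not host.isascii() or any(lbl.startswith("xn--") for lbl in host.split(".")):
        return "suspicious"
    # A raw IP address never hosts a genuine Microsoft sign-in flow.
    if IPV4.fullmatch(host):
        return "suspicious"
    # Brand words in a non-allowlisted host or path are the classic lookalike.
    haystack = host + parts.path.lower()
    if any(word in haystack for word in BRAND_WORDS):
        return "suspicious"
    return "unknown"


def triage(urls):
    """Map each URL to its verdict so a batch of links from a post or email can be reviewed."""
    return {u: classify_login_url(u) for u in urls}
```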
Avoid Becoming a Social Media Phishing Victim
- Don’t click on links from posts, tweets, or messages unless you’re 100% sure that the links are genuine and well-intentioned.
- Consider your actions before responding to approaches on social media.
- Evaluate if someone genuine would really contact you with this information.
- Look for threats of financial issues or offers that are too good to be true because typically that’s the case.
- Call the company or individual on their correct, independently obtained number, not one taken from the post or tweet, to confirm authenticity.
- Proceed with caution because even if the post or tweet seems to come from a trustworthy source, their account may have been breached or spoofed.
- If approached through Twitter, the accounts of legitimate businesses usually have a “verified” check indicating the account is authentic and will never request login credentials.
- Check the number of followers on the account because genuine companies, including their support handles, are likely to have larger followings.
How to Protect Against Phishing Attacks on Social Media
- Check and regularly update the privacy settings on your social media accounts. Use options that allow only people you know to view your posts, and opt out of targeted advertising to prevent apps from accessing your profile information.
- Use different passwords for different accounts and enable two-factor authentication so that only you can access an account.
- Beware of strangers attempting to forge close relationships on social media or asking for money.
- Contact friends offline if you receive a message about an investment opportunity or urgent need for money because their account may have been breached.
- Avoid posting personal details and your whereabouts. Threat operators can use personal information for identity theft and vacation photos can lead criminals to believe your home is empty.
- Don’t accept friend requests from strangers.
- Don’t take social media quizzes or surveys that ask personal questions.
- Don’t use public Wi-Fi networks to log in to Facebook or other social media sites.
With billions of active users, social media networks are prime phishing targets for cybercriminals. That’s why it’s important for companies and individuals to remain ahead of the current threat landscape, secure their accounts, and keep their profiles private. At SpearTip, our certified engineers continuously monitor companies’ networks for potential threats at our 24/7/365 Security Operations Centers. We also specialize in incident response capabilities and handling breaches with one of the fastest response times in the industry. Furthermore, our ShadowSpear Platform is an unparalleled resource that optimizes visibility and integrates with cloud, network, and endpoint devices to provide an extra layer of protection, preventing potential cyber threats, including phishing attempts, from accessing your personal information.
If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.