GlobalSign Blog

All You Need to Know About Social Media Phishing

Social media has become one of the ways we present ourselves and our businesses. As all social media presence happens online, cybersecurity is critical. Your social media presence creates many opportunities for hackers to steal your valuable data in a social media phishing attack.

To stay safe, you must take precautions. One way to boost cybersecurity is by learning the tactics hackers use to steal your sensitive information.

In this article, you’ll learn all you need to know about social media phishing, including how to spot and avoid falling victim to it.

What Is Social Media Phishing (SMP)?

Social Media Phishing is a cybercrime that sees social media users tricked by hackers into giving up their sensitive information. Cybercriminals steal personal details to sell them on the dark web or to get into your social media accounts. Some use the information to further gain access to financial accounts.   

Social media phishers thrive simply because there are many potential victims. Creating a social media account is just as simple as (or even simpler than) creating a website. To create a website, all you need is a beginner’s web hosting and a new domain name. To create a social media account, you just need a username, a password and you’re good to go.  

The result? Well, look at the figures. In 2022, over 4.5 billion people around the world were on social media. The number of social media accounts that can be the targets of phishing attacks is even higher because one person doesn’t typically own just one social media account. On average, we have 8.4 accounts on different channels.  

The good news is, you can increase awareness about social media phishing. If you’re a business, for instance, use a landing page builder to create custom landing pages for performing phishing simulations. You’ll learn how many of your social media users are vulnerable to phishing attacks. Then, you can share the numbers with your audience and give tips on how they can avoid these situations.  

You can also ensure you yourself don’t fall victim to social media phishing. If you know the typical strategies attackers use, you can avoid putting yourself in situations that can compromise your security. Include these in a social media phishing security section in your retail, eCommerce, or SaaS marketing plan. You also want to ensure everyone in your team is aware of these strategies. This is so they can also take the necessary precautions when marketing your products on social media platforms.  

Common Social Media Phishing Scams 

Hackers can use many social media platforms to launch their social media phishing attacks. In this section, we’ll look at the four social media channels that are often the targets of these phishing scams. Let’s go over these: 

1. Facebook Phishing 

Creating a fake profile on social media takes a couple of minutes. From there, scammers can find different ways to convince people to click on a harmful link.

So, posing as a Facebook friend, scammers can send you messages with the words “look what I found” or “Is it you?” accompanied by the link. Something like this:


Once you click on the link, you’re taken to a fake Facebook login page, like the one below, where you’re asked to submit your credentials: 


Notice that, based on the URL, the page is NOT a legitimate Facebook page. Some hackers even use the typosquatting method, where they make the URL look almost identical to the real one—for example,, or So, when you submit your personal details on these pages, scammers record your data.  

Scammers can also pose as Facebook and send you emails saying there are security issues with your Facebook account, like activities violating its Community Standards or supposed suspicious login attempts: 


Notice that the email above is a fake, judging by the sender’s email address.  

Then in the same email, they prompt you to click on the embedded button to verify your account, with some threatening that your page will be deleted if you don’t take action. The button leads to the same fake Facebook login page which harvests credentials. 
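The URL and sender-address checks described above can be automated. The following is an added example, not code from the original article: it classifies the host a link really points to, or the domain of a bare sender address, as official, lookalike, or unrelated. The allowlist, the character-swap table, and all sample URLs and addresses are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumed allowlist: primary domains of the four platforms this article covers.
OFFICIAL = ("facebook.com", "instagram.com", "linkedin.com", "twitter.com")
BRANDS = [d.split(".")[0] for d in OFFICIAL]
# Constructed map of digit-for-letter swaps often seen in lookalike names.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host):
    """Return 'official', 'lookalike' or 'unrelated' for a host name."""
    host = host.strip().rstrip(".").lower()
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    for label in host.split("."):
        plain = label.translate(SWAPS)
        # A brand name inside, or one edit away from, a label of a foreign domain.
        if any(b in plain or edit_distance(plain, b) <= 1 for b in BRANDS):
            return "lookalike"
    return "unrelated"


def classify_link(url):
    """Classify the host a link really points to (userinfo before '@' is ignored)."""
    return classify_host(urlsplit(url).hostname or "")


def classify_sender(address):
    """Classify the domain after the last '@' of a bare email address."""
    return classify_host(address.rsplit("@", 1)[-1])


if __name__ == "__main__":
    # Constructed samples, not taken from the article's screenshots.
    for sample in ("https://www.facebook.com/login", "https://faceb00k.example/login",
                   "https://facebook.com.verify.example/", "https://facebook.com@login.example/"):
        print(sample, "->", classify_link(sample))
    print(classify_sender("security@instagram-help.example"))
```

An "unrelated" result only means the host does not resemble one of the listed brands; it is not a verdict that the link is safe.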

2. Instagram Phishing 

Social media platforms like Instagram offer a way of exchanging direct messages between users. Scammers create fake profiles mimicking the ones of your friends or family members. Anyone can find all kinds of information online, such as our jobs and where we live or were born. Using a recent photo makes the profiles look very realistic. 

From there, thieves ask for money to cover a bill or a small loan. 

Here’s an example of an Instagram phishing attempt. You get an email or a DM from what looks like an official Instagram account. The message indicates that your account may be at risk and you should take action. It tells you to click on the link and enter your login details. 


The email may seem legitimate at first but checking the email address it came from should tell you it’s not an official Instagram one. Clicking on the link could put your account at risk.  

Here’s another example. A tempting offer and a chance to win the latest iPhone may turn out to be an Instagram phishing attack, like the one below: 


Clicking the link and filling in your sensitive information can lead to scammers taking control of your account and using your information for financial gain. 

3. LinkedIn Phishing 

LinkedIn is a popular channel for job seekers and employers. But the fact that it’s a social platform frequented by professionals doesn’t mean it’s 100% safe. 

Scammers can create fake job ads and post them from fake company pages. The job application will ask for sensitive data which scammers will use in a profit-driven activity. 

Also, avoid commenting on posts that ask for personal information to get paid or win a prize. Here’s an example of a scam post: 


Identity thieves take advantage of LinkedIn users by sending emails crafted to steal their login credentials. Clicking on links may mean downloading malware onto our devices. 

Here’s what a potentially dangerous email can look like: 


Users clicking the link in a fake email are sent to a fake LinkedIn landing page and asked to enter their username and password. Once someone hands over their LinkedIn login details, they may compromise access to many other services that use the same authentication. 

Look out for fake recruiters on LinkedIn. Shady agents may send you documents to download. Downloading infected files onto your PC may lead to unleashing malware via macros that aren’t even visible to untrained users.  

To protect yourself, always Google any employer before applying for a job. 

4. Twitter Phishing 

One common Twitter phishing scam is spreading an amazing investment opportunity. Here’s a tweet sent by cybercriminals who hacked the accounts of various high-profile people, including Elon Musk. It states that the followers can double their money by sending bitcoin payments to a designated cryptocurrency account. 


Businesses like Amazon offer customer support through social media channels, such as Twitter. Although this is very convenient to the users, it creates new opportunities for cybercriminals. Here’s one dodgy-looking DM asking a Twitter user to give out their sensitive information, including their name and credit card number. 


A fraudster creates a fake account, using a few identifying elements of a brand, and spreads the posts and DMs to Twitter users. Misguided customers may give away their password information and other details through this phishing attempt. 

How to Protect Yourself From Social Media Phishing 

To protect your private and business social media accounts from social media phishing attacks, be aware of how you share sensitive information.

Stick to the following: 

  • Don’t share your login credentials or any information you use for financial accounts.
  • Never click on links to update your personal details.
  • Go to the platform directly, to check if any updates are necessary. 
  • Avoid using the same username and password across different social media accounts.
  • Use strong passwords.
  • Update your software, operating system, and SSL certificates regularly. Many successful attacks exploit unpatched vulnerabilities.  

If you’re using WordPress web hosting, make it a point to update it as soon as the new version is launched. Also, update to the latest version of PHP and install at least one reputable security plugin. 

Notice that the sentence structures and expressions used by scammers will rarely match the actual person they’re trying to impersonate. If they ask for money, it would never be by a bank transfer. Criminals will want you to use alternate money services, like Western Union, or similar, to stay untraceable. 

In Closing 

For as long as people use social media to network and communicate with others, cybercriminals will keep trying to trick them and steal their accounts. Learning the basics of social media phishing attacks is key to staying safe.

Losing control over your organization’s social accounts can lead to serious consequences: a damaged company reputation and revenue losses, to name a few.

From this guide, you have learned the four common social channels scammers go for, i.e. Facebook, Instagram, LinkedIn, and Twitter. Now, you can alert your customers, employees, friends, and family members to the signs they need to look out for in a social media phishing attack.

Note: This blog article was written by a guest contributor for the purpose of offering a wider variety of content for our readers. The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of GlobalSign.
