Social media has a trust problem, but it isn’t just the content that appears on the platforms that is at issue. While social media allows for the spread of misinformation and disinformation, the platforms are now being used in a variety of devious phishing scams.
According to the newly released annual “Phishers’ Favorites Year-in-Review” from predictive email defense provider Vade, Facebook edged out Microsoft for the top spot and became the most impersonated brand of 2021.
The social network represented 14 percent of phishing pages analyzed by the security provider. Facebook, which sat at number two on Vade’s Phishers’ Favorites list in 2020, clearly saw increased interest from phishers over the last two years. More ominously, phishers have continued to focus on social media by increasingly targeting users for the third consecutive year.
“This is not a big surprise as over the last few years, KnowBe4’s quarterly phishing reports have consistently revealed that LinkedIn phishing messages in particular dominate as the top social media email subject to watch out for,” explained Erich Kron, security awareness advocate at KnowBe4.
“Social media has become an incredibly prolific area for spammers with no end in sight,” Kron warned via an email on Monday. “As social media has evolved from a place to keep in touch with friends and family and share your opinions on things, into a platform where businesses and individuals can buy and sell items and people who are influencers can make a decent living just being themselves, the money involved is too significant to be passed up by cybercriminals.”
One reason social media platforms are ideal for such phishing scams is that users often connect with people they don’t know all that well.
“Because some forms of social media lend themselves to interacting with strangers quite often, bad actors can have an easier time getting people to trust them, even when being contacted out of the blue,” said Kron. “In addition, accounts that may not have a lot of followers, but have been established for a long period of time, are often used in marketplace scams where potential victims may trust a seller simply because the account has been around for a long time. This makes accounts without a lot of influence very valuable to scammers.”
The very nature of social media often results in people letting their guard down, which is exactly what those employing phishing scams hope for.
“The fact that social media interactions typically happen at a very high speed has trained us to make quick decisions about things, often missing red flags. Even email notifications about a potential social media interaction can rush people into clicking on a malicious link, just because they want to see what they are missing,” Kron continued.
Prime Target Via Social Engineering
Sites like LinkedIn have long been prime targets for scammers, and that is unlikely to change.
“Bad actors will often pretend to be job recruiters and try to phish sensitive information from targets or may otherwise scam people into thinking they are paying a fee to help with a job placement when the scammers are just stealing the money, doing nothing in return,” warned Kron. “Cybercriminals have also been known to use social media to spread malware through infected documents and links as well.”
Phishing scams also work by targeting the weakest link – people. The scam is more about social engineering than advanced technology, and when combined with social media, it can be very dangerous.
“To help counter these attacks, people should be vigilant and aware of postings or emails that cause a strong emotional response,” noted Kron. “In addition, people should train themselves not to allow social media interactions to rush them into actions. Instead, take a deep breath and consider these interactions with a critical eye.”