Last updated December 5th, 2023 23:02
In the 21st century, people seamlessly transitioned into the online world, where a significant portion of our communication now takes place. Attackers adapted to this shift as well. Every day, new and more sophisticated attack methods emerge. Prevention is key. You should be vigilant and aware of the potential threats that you might encounter, and that might jeopardize you, on the internet. That’s why today, we’ll talk about how you can easily recognize social media phishing, which might be even more perilous than email phishing because it’s much harder to detect.
How You Can Easily Recognize Social Media Phishing
Social Media Phishing represents a strategy used by attackers to obtain sensitive information or conduct fraud through social media. These attacks aim to appear as legitimate communication from known companies, friends, or even authorities. Attackers are often well-prepared. They initially conduct reconnaissance on the victim themselves, check their circle of friends on social networks, and only then launch the attack. This makes such attacks harder to detect.
Let’s take a look at two examples right from the start:
Example 1 – Tempting offer with a contest:
Alice just received a message from an account that appears to be her favorite electronics store. The message includes a link to a contest for a new phone. The company asks Alice to fill out a short form with personal details. However, Alice should be cautious. The link leads to a suspicious page with an ambiguous address. Moreover, the form requests more sensitive information than would be normal.
Example 2 – Request for help from a friend:
Petr received a message on his Messenger that seems to be from one of the people on his friends list. In the message, his friend asks him to send a code that will arrive via SMS to his mobile phone. The reason given is that the friend’s own phone is currently unavailable and he needs to verify an online purchase. The friend’s photo and profile are indistinguishable from the real one. Petr sends the PIN code, thinking he’s doing the right thing and helping a friend.
At the end of the billing period, Petr receives a bill with a significant mobile payment for goods he didn’t purchase. Later, he discovers that he sent the PIN code to a fake account created by a cyber attacker. The attacker used the PIN to execute the online purchase, which was paid through mobile payments from Petr’s account. Hence, the attacker needed the PIN to confirm the payment.
How does a social media attack unfold?
Generally, this type of attack occurs in several calculated waves:
- Victim Targeting: Attackers often gather information about their targets, such as monitoring activities on social media platforms.
- Building Trust: They utilize accounts with a trustworthy appearance or replicate content from known companies or the victim’s friends.
- Information Gathering: The attack may begin with a request for personal details, passwords, or even banking information.
- Exploitation of Acquired Data: The obtained information is used for financial fraud, spreading malicious content, or even identity theft.
Can you defend against these attacks?
Above, we’ve seen clear examples of how attacks using social media can appear. As I mentioned at the beginning, attackers are often well-prepared. First, they create a fake account where they copy all available data, typically including photos, names, birthdates, and the last 10-20 posts. The attacker aims to make you believe that you are dealing with the real account owner. And yes, it’s very difficult to distinguish. However, you can help yourself by following several crucial points:
- Never send any sensitive information via social chats. This includes PIN codes, social security numbers, or any other identification numbers.
- If you receive such a request, thoroughly check the account asking for this information. At the very least, check when the profile was created.
- If uncertain, politely excuse yourself and ask whether you could speak over the phone instead. There might be an excuse about a malfunctioning phone. In such a case, again politely decline to send anything.
- If you discover that an account is fake, report it and then block it. Also, inform the genuine owner of the real account to alert their friends about potential scams.
- If there’s an internet link in the message, avoid clicking on it. First, copy the URL address and attempt to verify it using the online tool https://virustotal.com.
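The "ambiguous address" from Example 1 can be checked before anything is opened. The following is an added example, not part of the original article: it reads a copied link and reports why its host does not match a domain you already know to be official. The names `OFFICIAL_DOMAINS` and `link_findings` and the domains `shop.example` and `evil.test` are hypothetical, and the sample links are constructed.

```python
from urllib.parse import urlsplit
import ipaddress

# Hypothetical allowlist: domains you already know to be the company's own.
OFFICIAL_DOMAINS = {"shop.example"}

def link_findings(url, official=OFFICIAL_DOMAINS):
    """Return reasons not to trust a link; an empty list means the host matches."""
    findings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https":
        findings.append("not https")
    if parts.username is not None:
        # Everything before '@' is user info, not the site that gets opened.
        findings.append("text before '@' hides the real host")
    if not host:
        findings.append("no host")
        return findings
    try:
        ipaddress.ip_address(host)
        findings.append("raw IP address instead of a name")
        return findings
    except ValueError:
        pass  # not an IP literal, continue with name checks
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label (possible look-alike characters)")
    # The host must BE an official domain or END with '.' + that domain;
    # an official name appearing earlier in the host proves nothing.
    if not any(host == d or host.endswith("." + d) for d in official):
        findings.append(f"host '{host}' is not an official domain")
    return findings

# Constructed sample links for illustration.
SAMPLES = [
    "https://www.shop.example/contest",
    "https://shop.example.evil.test/contest",
    "https://shop.example@evil.test/win",
    "http://203.0.113.7/form",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", link_findings(link) or "host matches")
```

A matching host only says where the link points; the page behind it can still be checked with the online tool mentioned above.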
FAQ – frequently asked questions
Read messages carefully and pay attention to details. Be cautious of unusual links, unexpected requests for personal information, or typos in the text. Check the target profile and at least find out when it was created. Consider all newly created accounts as potentially problematic and unsafe.
Enable two-factor authentication on your social media accounts, maintain updated and strong passwords, and set strict privacy settings on social media platforms. Be cautious when providing sensitive information and apply critical thinking.
Report the suspicious account and then block it. Inform the affected individual or institution, alerting them that someone has stolen their identity. This way, they can preemptively notify their contacts and minimize potential damage.
New accounts are typically created by attackers aiming to gain trust and sensitive information. Verify the identity of new friends through a personal call or another trustworthy method. Automatically consider new accounts as risky.
Check the company’s official pages directly through their website address. Trustworthy companies never request passwords or sensitive information through social media. If the company has a contact number, verify the facts through their customer support.
As you can see, recognizing these types of attacks can sometimes be complicated. However, if you stick to the principles we’ve discussed above, you’ll avoid these attacks. A good practice is a phone call. Whether it’s a company or a friend, you can always call and clarify the situation. If you’re unsure about anything, it’s better not to send any information as a rule. At least until you verify whether the message is legitimate or not. Even in this case, avoid sending sensitive information via social media. Always opt for other designated means like phone calls, emails, or preferably, a face-to-face meeting.