How Cybercriminals Use Social Media As a Weapon


And how you can fight back!

Facebook, Instagram, LinkedIn, Twitter, and other social media are great ways to stay in touch with the world. In 2022, more than 4.62 billion [1] people and business owners are using social media to connect with friends and family or promote products and services.

During COVID, online retail sales increased from 10% to 30% compared to last year. This made social media the perfect hangout for cybercriminals who used the widespread and 24×7 reach of those platforms to design and execute their nefarious crimes and phishing attacks. According to the FTC, more than one in four people who lost money to fraud in 2021 claimed it started on social media with an ad, a post, or a message [3].

In this article, we discuss social media phishing tactics used by fraudsters and what you can do to prevent and counter such attacks.

What is social media phishing?

Social media phishing attacks are carried out on platforms such as Instagram, Facebook, LinkedIn, and Twitter. The fraudsters use phishing schemes with DMs (direct messages), posts, reels, ads, and stories to trick people into giving them money or personal information by exploiting a person’s social trust and/or lack of technological knowledge.

In a typical phishing scam, you get a DM from a business account that looks legitimate and asks you to give, update, or verify your personal information, or urges you to click on a link. The call to action sounds urgent and realistic enough to lure you into taking the bait.

How do cybercriminals get your information?

Cybercriminals have a variety of tools at their disposal to hack and exploit personal and financial information. Scammers exploit human nature to design their attacks; hence, the design is often called social engineering.

They use their victims’ curiosity, sense of urgency, and fear as weapons of attack. For example, they will send you a message claiming that your bank account has been compromised, which is a hard-to-ignore message for many of us.

Phishing attacks started many years ago as phishing emails, but phishing has now largely become social. Read more in this article.

In the case of phishing emails, scammers send emails pretending to be from legitimate companies, urging you to click on a link to update your information or receive a gift. Now, scammers imitate those companies on social media, using the same tactics to steal customer information by publishing posts, reels, and stories with irresistible offers from brands that customers love. These posts can contain links redirecting a customer to phishing websites that look identical to the official website of the brand.

Another way for cybercriminals to get your information is by posting simple-looking questions asking for your favorite car, city, or your pet’s name. Those posts are commonly used for social engineering, and your answers may be used to get password hints or answers to security questions for logging into your bank account or email account. [2]

Some examples of social media phishing

Big companies and influencers are the number one victims of phishing attacks because most people expect to see those brands online. The more well-known a brand is, the more likely it is to be a target of social media scams, e.g., the impersonation scam. Eydle is a company specializing in brand monitoring and protection against social media scams. Here are some examples of impersonation accounts on Instagram detected by Eydle’s platform:

Netflix

Netflix is one of the largest streaming and video production companies that offers a wide variety of TV shows, movies, anime, and documentaries.

Figure 1 shows a phishing profile of Netflix on Instagram that offers free premium accounts as a bait to steal customers’ information.

 

Figure 1: A fake Instagram account of Netflix

By clicking on the phishing URL in the bio, the user will be redirected to a bogus website that looks like the official Netflix website. See below.

 

Figure 2: A phishing website for Netflix

After entering their email address, customers may receive an email in their inbox urging them to provide critical information like their bank or credit card account details.

PayPal

PayPal is a global financial technology company that supports online money transfers. Companies like PayPal are a common target of scammers. Figure 3 shows a fake Instagram account that promises to multiply your money and pay you instantly. Too good to be true?

 

Figure 3: A phishing account for PayPal on Instagram

By luring you to click on the URL, the scammers intend to steal your personal and financial information.

Amazon

Amazon is a technology company that focuses on e-commerce, cloud computing, and digital streaming. Figure 4 shows a fake Instagram account of Amazon. The account bio contains links that potentially lead to phishing websites.

 

Figure 4: A fake account of Amazon on Instagram

How you can protect yourself against phishing on social media

Prevent phishing attacks by following these social media best practices.

      • Scammers are everywhere on every platform. Keep this in mind before giving any sensitive information online.

      • Stay away from too-good-to-be-true offers.

      • Verify the accounts of brands and influencers you are following and look for the blue checkmark next to their profile names. However, be aware of the limitations of the blue checkmark. See this article.

      • Avoid clicking on suspicious links in social media bios, posts, and DMs, for example, links containing misspelled words that still read like the brand’s name.

      • Choose a strong password for your social media accounts and use two-factor authentication (2FA) when logging into your accounts for extra security.

      • Before entering personal information on a site you reached through a link, carefully check the website’s URL, e.g., whether it differs from the brand name, to make sure it is not a phishing website.

      • Report and block any account on social media that is trying to send you suspicious links or text messages.
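
The two link checks in the list above (misspelled brand names, and a URL that differs from the brand's own domain) can be automated. The following Python code is an added example, not part of the original article or of Eydle's platform; the allowlist of official domains, the character-swap table and the `.example` sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist (not from the article): brand -> official domain.
OFFICIAL = {"netflix": "netflix.com", "paypal": "paypal.com", "amazon": "amazon.com"}
# Character swaps commonly used to misspell a brand name; hyphens are dropped.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a single-row dynamic programme."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]


def check_link(url: str) -> str:
    """Return 'official', 'lookalike:<brand>' or 'unknown' for a link."""
    if "://" not in url:              # bios often list links without a scheme
        url = "//" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Official only if the host is the brand's domain or a subdomain of it.
    for domain in OFFICIAL.values():
        if host == domain or host.endswith("." + domain):
            return "official"
    # Otherwise look for a brand name, or a near miss, in any host label.
    for label in host.split("."):
        plain = label.translate(SWAPS)
        for brand in OFFICIAL:
            if brand in plain or edit_distance(plain, brand) <= 1:
                return f"lookalike:{brand}"
    return "unknown"


# Constructed sample links on reserved .example hosts, not real indicators.
SAMPLES = [
    "https://www.netflix.com/login",
    "netf1ix-free.example/offer",
    "https://paypa1.example/",
    "https://amazon.com.account-verify.example/signin",
    "https://example.org/netflix",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{check_link(link):20} {link}")
```

Treat `unknown` as "not verified" rather than "safe"; the substring and edit-distance checks are heuristics and can also flag unrelated names that happen to contain a brand.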

How Eydle can help you secure your online presence

At Eydle, we protect brands and businesses online using the latest technology of artificial intelligence and deep learning. If you have questions, contact us at i[email protected] or visit www.eydle.com.

References

[1] https://www.statista.com/statistics/617136/digital-population-worldwide/#professional

[2] https://www.cnet.com/tech/services-and-software/these-phishing-tactics-disguised-as-fun-on-social-media-heres-what-to-look-for/

[3] https://www.ftc.gov/news-events/data-visualizations/data-spotlight/2022/01/social-media-gold-mine-scammers-2021#footnote1

[4] https://www.scamwatch.gov.au/get-help/protect-yourself-from-scams#:~:text=Keep%20your%20passwords%20and%20pin,mobile%20devices%20and%20computers%20secure.

[5] https://www.techtarget.com/whatis/feature/How-do-cybercriminals-steal-credit-card-information
