Phishing Scams Go Social

With more business being performed online and across social channels, the likelihood of our personal information falling into the hands of a cybercriminal only increases. Recent reports found that phishing scams alone increased 65 percent last year and 76 percent of businesses reported being a victim of a phishing scam last year.

Why have phishing scams become the driving target for cyber criminals?

Likely, because of the strategy behind the scam itself. Instead of identifying a flaw in an organizational firewall, phishing scammers directly target individual users by posing as known, credible entities. But these scammers are no longer just targeting traditional institutions of business. Today, they’ve moved on from emailing under the guise of a bankrupt Nigerian Prince and have evolved with the times, turning their attention to social media.

So, how do you protect yourself from hackers as you post photos, scroll through social feeds or download updates to your favorite social app? Your best option is to remain cognizant and aware of the popular phishing tactics. Here’s a look at three of the most common types of phishing scams.

Impersonating popular social platforms

Last year thousands of Snapchat users were sent links from a website disguised as Snapchat itself. Once the unsuspecting users logged into the website – via the phishing link – their usernames and passwords were published on the fraudulent site. That one decision exposed countless personal accounts, allowing cyber criminals to capitalize on the personal information now available.

What can you do? Ensure the emails you receive come from verified addresses. Consider Facebook for example. The social media giant uses the domain facebookmail.com for all security correspondence. Phishing scammers know that and have tricked users by using a slightly different domain – facebooksecuritymail.com.

Impersonating friends and family

Each year Americans go mad for March Madness, offering up their best prediction on which team will take home the NCAA Championship. For as much work that goes into filling out brackets each year, most brackets bust and deliver nothing but disappointment. But at times, many have ended up more disappointed when they discovered their eagerness to predict the NCAA basketball tournament winner lead them directly into a phishing scam. Scammers took advantage of basketball fans by sending a seemingly innocuous bracket invite over email from a name they knew personally. But that invite link redirected individuals to a login page for social media accounts, namely Facebook, once again giving hackers access to personal information. This fake-login scam is one of the most common phishing tactics, and it’s certainly not going away anytime soon.

What can you do? Don’t let your guard down just because an email is attached to someone you know personally. And if you suspect an email or direct message to be malicious, contact the company or organization the message claims to represent. That’s your best chance to limit your exposure of personal information to hackers.

Fake third-party updates

Phishing scammers are using fake apps that claim to add functionality to popular social media platforms. These apps often lure users by claiming to give away free Instagram followers or by guaranteeing 1,000 instant retweets.

What should you do? Keep an eye out for this type of scam. Messages like these should always signal an immediate red flag. Follower giveaways aren’t conducive to the behaviors of social networks, but they are conducive to the behaviors of scammers.

If you remember nothing else….

We live in a world of information overload. Don’t let the volume of information that comes your way cause you to let your guard down. Phishing scams aren’t as obvious as others, but that doesn’t mean they are impossible to spot. If there’s any doubt about the authenticity of information, contact customer service. You should also consider logging directly into the official domain in question to verify information.