Phishing Scams Go Social

With more business being performed online and across social channels, the likelihood of our personal information falling into the hands of a cybercriminal only increases. Recent reports found that phishing scams alone increased 65 percent last year and 76 percent of businesses reported being a victim of a phishing scam last year.

Why have phishing scams become the tactic of choice for cyber criminals?

Likely, because of the strategy behind the scam itself. Instead of identifying a flaw in an organizational firewall, phishing scammers directly target individual users by posing as known, credible entities. But these scammers are no longer just targeting traditional institutions of business. Today, they’ve moved on from emailing under the guise of a bankrupt Nigerian Prince and have evolved with the times, turning their attention to social media.

So, how do you protect yourself from hackers as you post photos, scroll through social feeds or download updates to your favorite social app? Your best option is to stay aware of the popular phishing tactics. Here’s a look at three of the most common types of phishing scams.

Impersonating popular social platforms

Last year thousands of Snapchat users were sent links from a website disguised as Snapchat itself. Once the unsuspecting users logged into the website – via the phishing link – their usernames and passwords were published on the fraudulent site. That one decision exposed countless personal accounts, allowing cyber criminals to capitalize on the personal information now available.

What can you do? Ensure the emails you receive come from verified addresses. Consider Facebook for example. The social media giant uses the domain facebookmail.com for all security correspondence. Phishing scammers know that and have tricked users by using a slightly different domain – facebooksecuritymail.com.

This applies to all platforms: Snapchat, MailChimp, Instagram, Twitter, Amazon, RedBox, Netflix. Whichever of these services you use, check the URL and the full address of the sender. This can be especially hard when reading email on a smartphone, because mail apps tend to shorten the address or show only a display name (for example, you might see the sender as “Best Buy” rather than the full email address “customer.service@best-buy.com”), so take care to check full URLs and email addresses on whatever device you’re using.
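The sender check described above can also be automated. The following is an added example, not part of the original article: it pulls the real domain out of a From header and compares it with a list of official sender domains, so that both a lookalike domain and a brand name shown over an unrelated address stand out. The allowlist contents beyond facebookmail.com, the verdict labels and the sample headers are assumptions made for the illustration.

```python
from email.utils import parseaddr

# Assumption: brand keyword -> sender domains you have verified as official.
# Only facebookmail.com comes from the article; extend the map yourself.
OFFICIAL_DOMAINS = {"facebook": {"facebookmail.com"}}

def sender_parts(from_header):
    """Split a raw From: header into (display name, lowercased domain)."""
    name, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    return name, (domain.lower().rstrip(".") if at else "")

def is_official(domain, official):
    # Exact match or a true subdomain (accepting subdomains is an assumption).
    # A bare endswith() test would also accept "evilfacebookmail.com".
    return any(domain == d or domain.endswith("." + d) for d in official)

def classify(from_header):
    """Label one header: official, lookalike-domain, display-name-only,
    unknown or unparseable (labels are this example's own)."""
    name, domain = sender_parts(from_header)
    if not domain:
        return "unparseable"
    for brand, official in OFFICIAL_DOMAINS.items():
        if is_official(domain, official):
            return "official"
        if brand in domain:
            return "lookalike-domain"    # brand name inside a different domain
        if brand in name.lower():
            return "display-name-only"   # brand shown, unrelated address behind it
    return "unknown"

# Constructed sample headers, not taken from real messages.
SAMPLES = [
    "Facebook <security@facebookmail.com>",
    "Facebook <security@facebooksecuritymail.com>",
    "Facebook Security <alerts@mail-notify.example>",
    "security@facebookmail.com.account-check.example",
    "Alice <alice@example.org>",
]

def triage(headers):
    return [(h, classify(h)) for h in headers]

if __name__ == "__main__":
    for header, verdict in triage(SAMPLES):
        print(f"{verdict:18} {header}")
```

A From header can itself be forged, so an "official" verdict is only meaningful when the message has also passed the receiving mail server's SPF, DKIM and DMARC checks.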

Impersonating friends and family

Each year Americans go mad for March Madness, offering up their best prediction on which team will take home the NCAA Championship. For all the work that goes into filling out brackets each year, most brackets bust and deliver nothing but disappointment. But at times, many have ended up more disappointed when they discovered their eagerness to predict the NCAA basketball tournament winner led them directly into a phishing scam. Scammers took advantage of basketball fans by sending a seemingly innocuous bracket invite over email from a name they knew personally. But that invite link redirected individuals to a login page for social media accounts, namely Facebook, once again giving hackers access to personal information. This fake-login scam is one of the most common phishing tactics, and it’s certainly not going away anytime soon.

What can you do? Don’t let your guard down just because an email appears to come from someone you know personally. And if you suspect an email or direct message to be malicious, contact the company or organization the message claims to represent. That’s your best chance to limit your exposure of personal information to hackers.

Fake third-party updates

Phishing scammers are using fake apps that claim to add functionality to popular social media platforms. These apps often lure users by claiming to give away free Instagram followers or by guaranteeing 1,000 instant retweets.

The overused “beautiful woman” who sends a friend request is another clever one. An attractive young person appears to send you a friend request, yet this is one of the earlier setups scammers use to gain access to your friend lists and organizations and, again, to impersonate someone to gain access to your information.

What should you do? Keep an eye out for this type of scam. Messages like these should always raise an immediate red flag. Follower giveaways aren’t consistent with how social networks behave, but they are consistent with how scammers behave.

If you remember nothing else…

We live in a world of information overload. Don’t let the volume of information that comes your way cause you to let your guard down; that is exactly what phishing hinges on. Phishing scams aren’t as obvious as others, but that doesn’t mean they are impossible to spot. If there’s any doubt about the authenticity of information, contact customer service. You should also consider logging directly into the official domain in question to verify information. When in doubt, pick up a phone and call the entity directly, using the contact details on its true website, to verify information requests.