Phishing Attacks On Social Media Users Are On The Rise
With more than 4 billion social media users around the world, cybercriminals are more inclined than ever to target these users to make money or steal their personal information.
In the latest edition of the Consumer Cyber Security Pulse Report, the team at digital security firm Norton Labs published some important findings after spending a year analyzing phishing attacks against social media platforms.
A phishing attack is a fake email or message that pretends to be from an authentic or trusted source. A phishing attack aims to gain access and steal vital information from users.
According to the Norton Labs team, phishing attacks targeting social media users are on the rise, with users being targeted via email, text messages, or even within a social media platform.
The report identifies eight different phishing techniques used by attackers to target social media users, including classic login phishing, notifications of blocked accounts, notifications of copyright infringement, verified badge scams, hacking services for profiles, follower generator services, and two-factor authentication interception, and payment fraud.
In classic login phishing, attackers use a fake login page to deceive users into entering their social media data and passwords, which are forged by the attackers, who then use them to access the compromised accounts.
When notifying users about blocked accounts, the attackers deceive them that their account has been compromised. Users are then asked to provide information to restore their accounts.
Notices of copyright infringement mislead users into believing that their account has been suspended because they have broken certain rules. Users are therefore asked to log in to a fake login page to unlock their accounts.
Verified badge scams target verified accounts on social media platforms, asking them to log in to the attacker’s fake login page so they don’t lose their verified status.
Profile hacking services deceive users who want to hack a profile. Victims in turn are redirected to various malicious websites or used to generate traffic for ads.
Follower Generator Services target content creators who want to grow their audience. This type of phishing attack promises to help users grow their audience at little or no cost. Ultimately, users are redirected to malicious websites, where their information is collected and their presence used to generate traffic for ads.
Two-factor authentication interception helps attackers intercept temporary codes required to penetrate profiles with multi-factor authentication.
In the phishing campaign for payment fraud, attackers pose as well-known social media brands and deceive victims into providing payment card information. The aim is to extract user data and use it for malicious activities such as financial theft.
The sources for the piece include an article in Betanews.