Phishing is quite like fishing, except for the victim party! In this case, are the people like you or me, instead of the fish. A simple principle of deception works at the base of both. Trick with an illusion and score the meal. In other words;
- find a calm spot
- hook the line
- attach a legitimate-seeming bait
- cast it into the deep, unperturbed waters
Wait patiently until you feel the tug on the line, and then pull up to bring that baby home. This is how you fish and are phished online.
Simply speaking, phishing is a criminal practice. It aims at tricking people into revealing their sensitive and private information that can be used later on for the phisher’s advantage. The targeted information includes login credentials, social security numbers, birth dates and bank account details of the victims specifically. Phishing is mostly conducted online and majorly in the form of spam emails. According to Symantec’s 2018 Internet Security Threat Report, an average user receives around sixteen fraudulent emails per month. Now that you think about it builds up to be some pretty scary annual math.
How do phishers orchestrate their campaigns?
They use various disguises. Sometimes, account verification emails with a sprinkle of real concern, tax fraud emails designed to come straight from IRS, package delivery informants, and other times, DocuSign attacks, MailChimp invoices, and cryptocurrency frauds, etc. Juniper Research has estimated these data breach costs to exceed the $150 million mark by 2020. Now, phishers have started looking at social media too—the gargantuan of the 21st century!
At present, there are around 3.2 billion social media users worldwide (‘we are social’). With each passing year, this number seems to grow. And, more social network users automatically mean more unsuspecting targets for the wily phishers. You could be next! So, coming back to the topic at hand, what can you possibly do to prevent becoming a phishing victim? Know the social media phishing types and then erect barracks against this heinous infiltration. This post will serve as your guide on this journey.
Types of Social Media Phishing Campaigns
Knowing these forms of phishing attacks can surely give you a substantial edge over the whole act. The most common types are:
- Impersonated Profiles — You must have come across at least one social media fake account in your life. Yes, it is a phishing bait, meant to extort private information from you. What scammers do is that they target the people/brands close to you, duplicate their profiles and then act like them to build a base of familiarity to fool you.
- Click-Bait Links — These are malicious links that redirect the people who click on them to phishing sites that then solicit their personal information before giving them what they came for. Most of the time, you can see them in the comments section of popular posts which are the hub of activity. Other times, click-bait links are posted on feverishly followed sports pages with the promises of showing fans the live stream of a game.
- Survey Trap — Some people have a penchant for filling out surveys online over their reliable bundle deals or some such connection, either for pleasure or for making some side cash. While this is a good practice for putting forth your opinion, it can lead to your downfall as well. Scammers often pose as authentic profiles on social media and unleash surveys asking for people’s private information. This is a clever phishing scheme.
- Fake Support — Ever received a private message, embedded with a link, from a Twitter bot? It is a phishing attempt, and the link is mostly malware that can dangerously steal your data by attacking your computing device or posing as a payment-requiring fake website. Moreover, scammers often disguise as fake social media customer support. If asked a query, they post a link that can lead you astray.
- Irresistible Gossip — If you see a piece of bombastic news about your favorite celebrity in the newsfeed, you’ll be tempted to click on it, right? Phishers know this way better, which is why they often design misleading gossipy posts with a click-bait title. This counts as a great way to access people’s personal information.
The list goes on.
Read also: Data Center Trends 2019 – 2020
Surefire Protective Tips
Now that you know about the major phishing campaigns which are cleverly carried out over social media channels, it is time to note how you can protect yourself from these wily deceptions. Check out the expert-recommended tips below:
- Enable Trusted DMs Only — Twitter has a direct messaging system that allows its users to get personal messages from only those profiles that they choose to follow. Once you activate this feature, no more random spam messages from fake bots.
- Join Web of Trust — This is a free tool that rates websites on the basis of malware contamination and filters them out. Given Facebook’s recent partnership with the Web of Trust, it is easier for you to join the community and extend its advanced protection to your very newsfeed.
- Get Two-Step Login Authentication — One of the easiest ways to safeguard your social media profiles from getting hacked is by enabling the two-factor authentication. This way each time someone tries to log into your accounts, he or she will have to first supply the password and if they guess that right, they will have to enter a four-digit pin code that is directly sent to your registered phone number. This double-verification is a good phishing preventer.
- Spot Amateur Diction — Most of the fake profiles, which post phishing links on social media platforms, do not pay attention to pristine grammar. This can be a distinguishing factor for you. Therefore, the next time you see a suspicious link, get your grammar glasses on to spot the errors and give a verdict.
- Recheck URLs – A typical phishing medium is the carrier URL. Always double-check a link’s authenticity before clicking on it. Hover your mouse over it and see if the web address shows. If you have a doubt, Google the organization under the pretense of which the link is given or go ahead and use those smart URL checking tools.
- Beware of Permissions — Facebook offers on-site connections to various third-party websites. If you come across such a service, the social media platform first asks your permission for the third-party site to access your personal details. Before you click on that ‘Yes’, be sure to see what you are agreeing to. Make sure it is nothing that can be compromised.
- Update Security — Each year, cyber-security experts come up with new safety solutions for you to surf the social media flux without getting attacked out of the blue. Keep yourself updated on this software and tools to prevent being phished.
In conclusion, stand your ground against social media phishing attacks. Do so by knowing the forms in which they come in and by following the aforementioned protective tips.