Posting daily life, sharing information, and buying and selling can be done on many social media platforms. On the other hand, social media has become a new avenue for criminals to commit their crimes. If ten years ago email, SMS, and telephone were the common means for criminals to carry out their actions, now they use phishing techniques to deceive their victims.
Example of social media phishing
Facebook quizzes
Facebook quizzes seem harmless like “Write down your birth mother’s name and the name of your first car to find out your band name!” and so on. These seemingly random questions are actually common security questions asked for login. That’s why you should think twice about providing any information on social media.
Phishing emails
If the social media platform you are using wants to communicate with you, they will usually send you an email just like when you reset your password. Scammers often use fake emails that look as similar as possible to social media companies. They send you an email with a link that could contain malware or take you to a similar site, and then ask for sensitive information or banking details.
Crypto scams
Crypto investments promoted through Facebook and Twitter pages are a common phishing tactic used by hackers. This tactic is usually promoted through lesser-known celebrities.
CEO fraud
Fraudsters capitalize on the tendency of human nature to unquestioningly do what their seniors ask. This type of fraud thrived during the pandemic when remote working became the new normal and coworkers were no longer physically together in the office. Typically, these scams occur through fake emails or profiles.
Fake job offers
Scammers often post fake job ads and fake job pages on LinkedIn. Applications containing sensitive information will be used by scammers for their purposes. Some congratulate the applicant on landing the job, and send a fake first pay packet. Soon after, they ask the victim to send some amount of payment back to them for some reason.
How to avoid phishing attacks on social media
- Don’t accept friend requests from someone you don’t know, always check first if the account is really someone you know or a fake account
- Do not click on posts, tweets or direct messages unless you are absolutely sure that they are genuine, especially if the link asks for personal information
- Use different login details such as usernames and passwords for each account you own/manage
- Only enter personal information on protected sites (URLs beginning with HTTPS)
- Take time to consider your actions before responding to people on social media
- Recognize threats of financial trouble or offers of something too good to be true
- Call the correct number of the organization or individual that the post or tweet you are reading claims to be from to confirm its authenticity
- Remain cautious about engaging with posts that appear to be from someone you trust as it is possible that their account has been hacked or spoofed
- Check that legitimate business accounts have a Twitter blue tick or are verified, they will also never ask for login credentials
- Check the number of followers on the account as genuine organizations tend to have a much larger following
- Install Antivirus software that helps detect attacks on the computer and block unauthorized users from gaining access
- Keep the operating system up to date to prevent hackers from gaining access to your device through vulnerabilities in outdated systems
- Use enhanced privacy settings, regularly check and adjust your privacy settings to limit what people can and cannot see on your profile
If you are a victim of social media phishing, report the incident to the social media network via the report mechanism on the site or app.
