While social media is one of the most powerful tools of modern communication, there are still plenty of criminals online who use it to take advantage of unsuspecting users. Much like the more traditional methods, phishing on social media is the act of manipulating someone on a social media platform into revealing sensitive information. This information could share anything from a simple phone number to confidential banking information – potentially even putting you at risk of identity theft.
How Is It Done?
You feel your pocket vibrate, check your phone, and see that Jason has just sent you a friend request and a message with a link to his latest project! While the message is a bit odd – he rarely sends anyone private messages – you do remember him posting about his recent work. Weren’t you already friends on Facebook? Regardless, you click the link – now, your information has been compromised.
Unfortunately, the message wasn’t from Jason and the link wasn’t to a project. By gleaning relevant details from other social media accounts, a scammer was able to create a new account with a similar username to Jason’s, then adding his personal information and profile picture to seal the deal on a fake account that would later be used to contact Jason’s friends and gain access to their information.
The open nature of platforms like Facebook, Twitter, Tumblr, and Reddit allow users to widely share anything to anyone – something that can be both a useful tool and an incredible threat.
Malicious posts may be loaded with hashtags or even mention users directly, then dropping a link redirecting them to – supposedly – a great deal, some internet drama, or an interesting article. These posts can be quick to catch the eye of anyone who happens to stumble upon them but can be deadly to personal privacy in just a few clicks.
With live streaming and video becoming an increasingly large part of the online conversation, phishing attackers have developed new ways of finding an audience – the comments section. From the smallest YouTube channels to the most popular live streams, spambots can regularly be seen sharing links that redirect to malicious websites. For unsuspecting viewers, it can be easy to mistake these comments for people trying to add to the conversation or share a useful resource during a discussion. Unfortunately, taking a chance on these links can take its toll in a big way.
How to Keep Yourself Safe
Reach Out Directly
If you received a message from a friend that seems a little “phishy”, reach out to them directly! Letting them know about the message helps you identify legitimate messages and lets them know if someone is using their name or likeness to swindle people on social media.
Never Click Untrustworthy Links
If you receive a message that feels like spam, don’t click on the link. It can be a challenge for platform holders to constantly moderate their sites with so much content being shared every second, leading to many malicious posts slipping through the cracks. When browsing online, only click on links that come from trustworthy sources – especially on social media.
It’s important to remember that these attacks are continually evolving as attackers discover new vulnerabilities in our digital lives. While there are always new digital threats, taking the proper precautions can go a long way in keeping yourself, your friends, and your data safe online.