6 Ways to Combat Social Phishing Attacks
Phishing is the number one method of attack delivery for everything from ransomware to credential theft. We know it is coming by email, but other phishing types have increased. In recent years, social phishing over social media has skyrocketed by 500%. There has also been a 100% increase in fraudulent social media accounts.
Phishing over social media often tricks the victims because people tend to let their guard down on social platforms like Facebook, Instagram, Twitter, and LinkedIn. They’re socialising and not looking for phishing scams. However, phishing scammers are looking for you and will reach out via friend requests and direct messages.
Learn how to secure your social media use to avoid these covert attacks.
Make Your Profile Private on Social Platforms
Phishing scammers love public profiles on social media because not only can they gather intel on you to strike up a conversation, but they can also clone your profile and put up a fake page for phishing your connections.
Criminals do this to connect with those on your friends or connections list to send social phishing links. These targets will be likelier to click because they believe it’s from someone they know.
You can limit your risk by entering your profile and making it private to your connections. By doing this, only someone you’ve connected with can see your posts and images, not the general public.
For sites like LinkedIn, where many people network for business, you might still want to keep your profile public, but you can follow the other tips below to reduce your risk.
Hide Your Contacts/Friends List
You can keep social phishing scammers from trying to use your social media profile to get to your connections by hiding your friends or connections list. Platforms like LinkedIn and Facebook both give you this privacy option.
Just be aware that this does not keep scammers from seeing you as a friend or connection on someone else’s profile unless they have also hidden their list of friends.
Be Wary of Links Sent via Direct Message and in Posts
Links are the preferred way to deliver phishing attacks, especially on social media. Links in social posts often use shortened URLs, making it difficult for someone to know where the link is directing them. Therefore, it is even more dangerous to click links you see on a social media platform.
A scammer might chat you up on LinkedIn to inquire about your business offerings and give you a link that they say is to their website. Unless you know the source to be legitimate, do not click links sent via direct message or in social media posts. They could be leading to a phishing site that does a drive-by download of malware onto your device.
Even if one of your connections shares a link, research where it comes from before opening it. People often share posts in their feeds because they like a meme or picture within the post. However, people never take the time to check whether they can trust a source.
Don’t Participate in Social Media Surveys or Quizzes
While it may be fun to know what Marvel superhero or Disney princess you are, stay away from quizzes on social media. These surveys or quizzes are a ploy to gather data on you, and scammers will use this data for targeted phishing attacks or identity theft.
The Cambridge Analytica scandal that impacted millions of Facebook users’ personal data did not happen long ago. The company was using surveys and quizzes to collect information on users without their consent.
While this case was high-profile, they’re by no means the only ones that play loose and fast with user data and take advantage of social media to gather as much as possible.
It’s best to avoid any types of surveys or quizzes on any social media platform because once your personal data is out there, there is no getting it back.
Avoid Purchasing Directly from Ads on Facebook or Instagram
Many companies advertise on social media legitimately, but unfortunately, many scammers also use the platforms for credit card fraud and identity theft.
If you see something that catches your eye in a Facebook or Instagram ad, go to the advertiser’s website directly to check it out, do not click through the social ad.
Research Before You Accept a Friend Request
Getting a connection request on a social media platform can be exciting and mean a new business connection. But this is another way that phishing scammers will look to take advantage of you and try to connect with you. Typically, this can be the first step before reaching out directly via DM.
Do not connect with friend requests without first checking out the person on the site and online using a search engine. If you see that their timeline only has pictures of themself and no posts, that’s a big red flag that you should decline the request.
Can Your Devices Handle a Phishing Link or File?
Safeguarding your devices with DNS filtering, managed antivirus, email filtering, and more is crucial. These services will help protect you if you click on a phishing link.
Contact us today to find out how DreamIT Host can help!
Click here to view DreamIT Host’s Email Hosting plans.
The article is used with permission from The Technology Press.