Deceptively genuine parcel delivery messages or urgent emails, including a request for action in the name of the bank: fraud attempts via the email channel are becoming more and more sophisticated and are making it increasingly difficult for the “normal consumer” to distinguish legitimate communication from phishing attacks. But cybercriminals also leave no stone unturned on Instagram, LinkedIn, Facebook, and Co. to intercept personal data and gain control over the social media accounts of their potential victims.
Social Media Is Becoming Increasingly Important for Attracting Customers
Platforms such as Instagram or LinkedIn are becoming increasingly important as marketing platforms, customer acquisition tools, and information channels. This makes them all the more attractive to fraudsters, who, in many cases, cast their net via phishing. Their methods are becoming more and more perfidious, as an example from the Lazarus Group from last year impressively showed. In the attack on a Spanish aerospace company, the hackers posed as recruiters from Facebook’s parent company, Meta. They promised a prestigious job if the applicants agreed to complete two coding challenges. However, the employees in question did not know that they were downloading malware during this task, which turned out to be quite simple.
But it can also be more trivial: Since the majority of users on social media tend to be less suspicious, cybercriminals have already used fake online discounts. They then quickly and easily collect user data through seemingly genuine promotions by expensive brands that require you to enter personal information to participate.
In Principle, Phishing Attacks Can Take Various Forms:
On the one hand, there is the chat: if users enter into private exchanges with others via the platform, hackers could take the opportunity to intervene in order to obtain sensitive data, for example by urgently asking them to reveal information or to follow a link.
A phishing attack could also be a post published by a hacker or a bot that mentions a company known to the user and references a press release or other current information. Many users end up with malware on their computers when they read fake comments on popular posts with links to attention-grabbing headlines. A common pitfall is a redirect from an official post to a webinar or streaming event with a call to action such as “We are now live. Participate quickly.” As soon as you click on it, you are taken to a phishing website or download the malware directly. Hackers are also still having success with fake customer service accounts.
Protection against Phishing Attacks
In order to adequately protect yourself from phishing attacks on social media, both technical measures and educational work should be carried out. Given the increasing number of fake accounts, it is important to exercise caution before accepting friend requests from supposedly professional contacts. It is also important to check apparently legitimate requests that include updating personal data: reputable social media platforms do not normally ask their users to divulge sensitive information in this way. A look at the support pages can also help here. Users must report suspicious posts, comments, or links to the platform operators or their IT department. Enabling two-factor authentication, installing antivirus software, and using strong passwords and changing them regularly (alphanumeric, with special characters, and longer than eight characters) also protect against phishing and other threats and can help prevent unauthorized access by third parties. Companies that want to communicate with their customers and partners via social media channels should limit the editor permissions for their company accounts on social media platforms to as few people as possible in order to minimize the security risk.