Cybercriminals go phishing for data in the social media pool
The latest quarterly report from NortonLifeLock's global research team, Norton Labs, looks at how cybercriminals are using social media phishing attacks to steal private information.
Based on analysis of a full year of phishing attacks on the top social media platforms, it finds plenty of fake login pages designed to trick victims into inputting their login credentials, but also a diversity and complexity of lures going far beyond that one technique.
Tactics use include fake account lockouts -- making it seem that a victim's account has been locked luring victims to reveal login credentials -- or getting users to install malware on the promise of increasing follower count. The report also highlights the use of verified badge scams -- prompting users to login to obtain, or not to lose, their verified status on the platform. Malicious websites also exploit well known social media brands to ask you for your credit card details by simulating a problem with your account.
Another phishing campaign tactic aims to intercept temporary codes to break into profiles with two-factor authentication enabled. Scammers are already exploiting the back-to-school season too, with a variety of financial scams, such as bogus offers of scholarships and financial aid for students.
"Threat actors use social media for phishing attacks because it's a low-effort and high return way to target billions of people around the world," says Darren Shou, head of technology at NortonLifeLock. "As social media is intertwined in our daily lives, it's key to know how to spot the signs of a scam, and keep a sharp eye on where requests for your information are coming from. Even better, consider strong, multi-layered security that can be on the lookout for you."
You can get the full Consumer Cyber Safety Pulse Report from the Norton site.