Using an external platform trusted by potential victims is proving to be a vital tool in the cybercriminal’s arsenal. New data shows the state of the threat and who’s at risk.
The average business experienced around 81 social media attacks each month in Q1 of this year, according to new data from PhishLabs, increasing 12% over Q4, 2022 and 5% over Q1 of 2022. Dominating the list of industries targeted were banking and retail, which combined, represented nearly 58% of all social media-based attacks.
The predominant attack types were cyberthreats (which I’m interpreting as an attempt to gain access to a victim’s network), and impersonation (likely used as part of credential harvesting scams).
While phishing continues to be the leading initial attack vector, the use of social media presents attackers with a medium where the victim’s defenses are lowered, the content is less scrutinized, little to no security solutions stand in the way, and attackers can impersonate just about anyone they want.
It’s one of the many reasons why Security Awareness Training is so critical; without the user’s own sense of vigilance elevated at all times, it’s far too easy for attackers to leverage social media for malicious purposes against a willing victim.