Symantec Covers Top Social Networking Cyberheist Scams, Including Phishing

The Norton/Symantec “Your Security Resource” newsletter recently featured a story entitled “Top 5 Social Media Scams” that’s worth a read-through. It talks about the kinds of scams and rip-offs that occur every day on social media sites such as Twitter and Facebook. Some of these are mostly benign, if a bit stupid (chain letters, which essentially trick credulous readers into spamming friends, family, and co-workers with bogus information), while others can hit victims squarely in their pocketbooks or bank accounts. Three of the top five fit into this category:

  • Cash Grabs: Online “friends” report they’re in trouble, and ask you to “loan” them money, or even better, a good, solid, real-life friend sends you an urgent request for cash. In both cases, the trouble is fabricated, as some online friends you’ve never met in the flesh may also be. In fact, a scammer is requesting the money, and your real friends are neither in trouble nor aware that their identities are being used to poach your assets.
  • Hidden Charges: Requests to complete surveys, take tests, or perform other simple, silly time-wasters actually result in monthly charges assessed to your cellphone bill. Such items are often advertised as “free and fun,” and while they may be diverting, they’re definitely not free. Though Symantec doesn’t classify this attack as a form of phishing, it’s not unthinkable to regard it as a bait-and-switch technique to facilitate petty theft. Don’t take the bait, and do check your monthly phone bills closely. Worst case, you’ll only get zinged for a month’s charges if you act fast and protest loudly.
  • Phishing Requests: Phishing is not just an email phenomenon anymore. Wall postings or Twitter feeds can just as easily impel you to click a link to try to salvage your reputation, undo a mistake, or tackle a supposed account problem. Whatever you do, don’t click: it will probably take you to an elaborately faked replica of whatever real site you think you’re logging into, for the express purpose of harvesting your login and password, after which thieves can masquerade (and conduct business) as if they were you.

The most popular element on the Norton/Symantec list is labeled “Hidden URLs.” It refers to the common practice on Twitter (and elsewhere all over the Web) of providing shortened URLs for users to click in feeds or messages. You never know where you’ll wind up when you click such a link, so proceed with caution when you encounter links from,,, and so forth. This kind of bait has a lot in common with phishing, in that clicking the link can expose you to drive-by downloads and infest your system with malware (including the Trojans and keyloggers so beloved of criminals who foist phishing attacks on the Internet populace).

Norton/Symantec’s conclusion to this story is right on the money, enough so to be worth repeating verbatim: “Sites that attract a significant number of visitors are going to lure in a criminal element, too. If you take security precautions ahead of time, such as using antivirus and anti-spyware protection, you can defend yourself against these dangers and surf with confidence.” We’d like to observe that a well-informed user, one who’s had the right kind of Internet security awareness training (ISAT), is also far less likely to fall prey to such scams, simply because they’ve been made aware of the risks, and taught how to avoid potential trouble.

Don’t get hacked by social media phishing attacks!

Many of your users are active on Facebook, LinkedIn, and Twitter. Cybercriminals use these platforms to scrape profile information of your users and organization to create targeted spear phishing campaigns in an attempt to hijack accounts, damage your organization's reputation, or gain access to your network.

KnowBe4’s Social Media Phishing Test is a complimentary IT security tool that helps you identify which users in your organization are vulnerable to these types of phishing attacks that could put your users and organization at risk.

Here's how the Social Media Phishing Test works:

  • Immediately start your test with your choice of three social media phishing templates
  • Choose the corresponding landing page your users see after they click
  • Show users which red flags they missed or send them to a fake login page
  • Get a PDF emailed to you in 24 hours with your percentage of clicks and data entered
