Social Media and Their Exploitation in Social Engineering

Stu Sjouwerman | Sep 9, 2019

Phishing is most commonly associated with email, but social media are quickly becoming a major hunting ground for scammers, according to Elliot Volkman from PhishLabs. Social media present many of the same problems faced by email, such as impersonation, credential theft, and various types of scams, but they also facilitate intelligence gathering for targeted attacks. Additionally, attackers can interact with other accounts to confuse users, rather than being restricted to one-on-one conversations.

“Because phishing is the malicious use of social engineering, impersonation plays a huge role in the success of an attack,” he explains. “By posing as someone with any kind of authority, it’s easy to damage that person, the brand associated with them, and trick users into taking a specific action....One of the most common examples is that when a celebrity posts a Twitter, a threat actor replies to it, posing as that user, saying they are giving away free bitcoins. Hint: they aren’t.”

Volkman also points out that attackers shift their tactics as the market changes in order to target the largest number of potential victims.

“Take for example your organization,” he says. “As a brand, there is a good chance there are set profiles on the largest networks; however, what about your users and employees? The more prevalent and engaged a digital medium, the greater the likelihood that a threat actor will attempt to abuse it.”

One of the benefits of the increased connectivity offered by social media is that users can band together to call out scams when they see them. All organizations can benefit from providing new-school security awareness training to help their employees better defend themselves against social engineering attacks. PhishLabs has the story: https://info.phishlabs.com/blog/how-social-media-is-abused-for-phishing-attacks
