Scammers are always looking for new ways to get potential victims to engage. It appears that the latest trend is to leverage our familiarity with watching video to spawn an attack.
Everyday, people all over the world are engaging with video content on social media as a stimulating medium to learn from or be entertained. So, it makes sense that the bad guys would want to take advantage of the lowered defenses of individuals through the use of fake links to videos.
Video links can be sent to a potential victim via email or social media channels, usually using an “Is this you in the video???” angle of attack to create an emotional response – and get them to click.
It’s important to note that almost none of these attacks involve video at all; they are simply creating the need for a victim to click a malicious link under the guise of it being a video of interest.
Users should be taught to be weary of such requests, even when seemingly coming from someone they know. Hacked social media accounts are valuable social engineering assets to cybercriminals, as they can be used to send the same “Is this you?” message to everyone connected to the compromised account.
Users within organizations should be made aware of these and other tactics aimed at invoking an emotional response (that being the clicking of the malicious link) through continual Security Awareness Training.