Proofpoint has a new blog post that highlights the risks of (mis)using social media for technical support purposes:
It's a simple, brilliant scheme. The bad guys set up a fake PayPal Support page on Twitter, and then monitor the real PayPal Support page on Twitter for potential marks.
When users experiencing problems with PayPal hit the real PayPal Support account and their cries of woe appear on the Twitter support page for PayPal, the bad guys swoop in and respond to these users from their fake PayPal Support account with their social engineering attack.
The response is what's known as a social-media-based angler phish, pointing would-be victims to a fake PayPal support site where users are asked to log in with their PayPal credentials. They are attacking users that are already expecting a response from PayPal support, making them prime targets. Once they do log in, they've handed over their PayPal credentials to malicious actors, effectively guaranteeing that whatever problems they were experiencing with PayPal will likely seem trite in comparison to the misery the bad guys will now inflict.
Social media: that online space where you can not only waste endless hours of your precious time but also advertise yourself to fraud artists as ripe for the picking.
PayPal is working with Twitter to resolve this issue, but there are ways you can protect yourself. Use extreme caution before clicking on any link that asks you to enter your username and password. When in doubt, go directly to the source: in this case, going to www.paypal.com to log in rather than clicking on a link from a bogus account could save you from having your information stolen by hackers. And ALWAYS look for a secured HTTPS connection before signing in to anything related to online banking.
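The two checks described above (is the reply really from the support account, and does its link really lead to www.paypal.com) can be automated by a brand-monitoring team. The following is an added example, not code from Proofpoint or PayPal; the handle `PayPalSupport` is a placeholder, the sample replies are constructed, and the 0.8 similarity threshold is an assumption. It also shows that an HTTPS link on a lookalike host still fails the check.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "paypal.com"     # the login site named in the post
OFFICIAL_HANDLE = "PayPalSupport"  # placeholder, not the real account name

def is_official_host(url, domain=OFFICIAL_DOMAIN):
    """True only for https URLs whose host is the domain or a subdomain of it."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL: treat as untrusted
        return False
    return parts.scheme == "https" and (host == domain or host.endswith("." + domain))

def _norm(handle):
    # Fold the swaps a lookalike handle relies on: case, underscores, 0/o, 1/l.
    h = handle.lstrip("@").lower().replace("_", "")
    return h.replace("0", "o").replace("1", "l")

def handle_similarity(handle, official=OFFICIAL_HANDLE):
    return SequenceMatcher(None, _norm(handle), _norm(official)).ratio()

def classify_reply(reply):
    """Return the reasons a reply to a support mention looks like an angler phish."""
    sender = reply["from"].lstrip("@")
    if sender.lower() == OFFICIAL_HANDLE.lower():
        return []
    reasons = []
    if handle_similarity(sender) >= 0.8:  # assumed threshold
        reasons.append("lookalike-handle")
    found = re.findall(r"https?://\S+", reply["text"], flags=re.I)
    urls = [u.rstrip(".,)!?") for u in found]  # drop trailing punctuation
    if any(not is_official_host(u) for u in urls):
        reasons.append("off-domain-link")
    return reasons

# Constructed sample replies (not real tweets).
SAMPLE_REPLIES = [
    {"from": "@PayPalSupport", "text": "Sorry about that. Log in at https://www.paypal.com/ to open a ticket."},
    {"from": "@PayPa1_Support", "text": "We can help! Verify here: https://paypal.com.support-login.example/signin"},
    {"from": "@helpful_stranger", "text": "Try this instead https://paypal.com@login.example/"},
]

if __name__ == "__main__":
    for r in SAMPLE_REPLIES:
        print(r["from"], classify_reply(r))
```
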