Social media as a phishing tool

Phishing is a technique used by cyber criminals for getting sensitive data of users (typically passwords, credit card numbers, logins etc.). The main identification sign is that a phishing attack pretends to be a real link from various companies (usually banks, on-line payment portals, e-shops, government, etc.) luring a user to click on it. And by such click on a phishing link you in fact give all your sensitive information to attackers on a silver plate. With the expansion of social media there is a great potential for using phishing on such networks as well.

The main principle of phishing is to send messages via e-mails and messaging apps. These messages invites receivers to some action, usually connected with entering their login information to a false website which pretends to be real (almost identical form to the official website). Because attackers are very often interested in getting someone else´s money, these phishing attempts are usually connected with banks and their internet banking interfaces. We all are careful about such false messages received by e-mail so attackers has to develop new approaches and techniques. That´s why we are not safe in the environment of social networks.

If before the attackers had to make e-mails look real and official, now they move these efforts into ruling over profiles of your friends or creating advertisements pretending to be a real communication of a company. When pretending being your friend, they usually ask you to provide your mobile number or logins with various pretexts (e.g. they have lost their phone or they need some kind of help). When you are in doubts, try to contact this friend by some other way (call, write e-mail, personal visit). When pretending to be a real communication of a company, attackers usually create a false website which their advertisement links to, with a single and one and only purpose – to copy your login information and thus to get the access to your account.

Number of these forms of attacks rises every day and it is really important to be careful and to pay attention to details. Always look at the website name and link and if there is something suspicious, do not click it. If usually you login into a website in a secured mode (with https://) and now there is no https, do not click it. If usually a secured website has some security certificate and now it is missing, do not click it. Summarizingly said, be careful what you click on, because there is a lot of you risk with every single click on a potential false website.