Social Media phishing attacks jumped by a massive 500% in Q4,2016. The report claimed fraudulent accounts across sites like Twitter and Facebook increased 100% from the third to fourth quarter. So-called “angel phishing” is a relatively new tactic in which the black hats register fake Twitter accounts that masquerade as customer support accounts. They monitor the real support accounts for irate customer messages and then quickly jump in to send messages back to those users loaded with malicious links.
I was phishing attacked by an email that told me I was hired by a company which I never applied. I did search the person who was trying to interview me, I found out the real-person said she didn’t hire people through google hangout or skype. Also, she said her identity was stolen on LinkedIn. For students who is desecrating to get a job after graduation, I think this kind of phishing is very attractive. The only thing I didn’t get is how did them get my school email.
Link: https://www.youtube.com/watch?v=qE3lce3XGXw
I believe this is one of the most difficult challenge social media companies are and will be facing for a while. 500% is an alarming number that should convince Facebook, Twitter etc. that something drastic needs to be done to combat phishing. It will take them a lot of time before they get this right. All parties involved, including users, must play their part and do so well. Also, this is something that should start with all major companies working together to brainstorm strong efforts against massive social media phishing. Otherwise, it will become even more difficult if they opt to work individually to address this problem.
My company sends out “fake” phishing attempts to its employees in order to test and educate them. I actually fell victim to this test by opening up a link from someone that tried to add me on Linkedin. Without realizing the email looked suspicious nor reminding myself that my Linkedin account isn’t connect to my work email, I clicked on the link. The importance of making sure to click on links only from people and emails you recognize cannot be stated enough. If its someone that you don’t recognize, I suggest doing a google search to see what comes up.
Phishing and social engineering is always tough to beat, especially proper reconnaissance is done. Like what you see here from Facebook and Twitter accounts, customers now prefer to use social media to contact a company’s customer service. Disgruntled customers makes it easy for victims to be approached by a faux customer service rep. My recommendation is to always check your sources, either checking the email domain, or calling the company if you need help. You may never know who is really on the other side of the screen.