Phishers Cast Their Nets in the Social Media Pool

by

Share this news now.

By Ian Moyse, EMEA Channel Director

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to TwitterAdd to TechnoratiAdd to Yahoo BuzzAdd to Newsvine

It can seem at times that the only people who like change are Internet attackers. And they don’t just like it—they need it. Technology’s rapid changes give cybercriminals new attack vectors to exploit, and new ways to turn a profit out of someone else’s misfortune.

Take phishing, for example. The concept is simple: Send an email disguised as a message from a bank, PayPal, or UPS. Wait for the user to click a link in the message, and enter their private details into a phishing site, and presto! The attacker attains financial or personal login details that can be used to commit fraud or theft.

Of course, it was only a matter of time before most people caught on to email scams. Users read again and again not to click on such links. Mail solutions became better at spotting phishing emails and filtering them into a junk email folder. Even free Web mail providers now catch the majority of these attacks.

Once cybercriminals noticed their traditional phishing approaches were returning lower response rates, they rapidly adjusted to new mediums. As a result, a new trend emerged: smishing (social media phishing) became the new trend in cyber attacks.

The underlying concept is the same, but the attack mechanism is different. Instead of targeting users via email, cybercriminals use social media messaging and advertising to lure their victims.

For hackers, it’s the perfect opportunity. They can cheaply buy lists of Facebook login details, hack into users’ accounts, and send personal-looking messages to an individual’s entire friend list. The majority of users are more trusting of a post from a friend than a suspicious email in their in-box, making smishing more effective at luring users to phishing sites.

Just remember: What you see is not always what you get, especially in the cyber world. When you receive a message or shared link from a friend, don’t assume it is actually from them. The attack vector is new, but our old advice still applies: Stop and think before you click.Webroot blog stats


Share this news now.
Phishers Cast Their Nets in the Social Media Pool by