Social networking phishing is an indirect form of online fraud whereby attackers use fake or stolen identities to masquerade as reputable entities. Through this, attackers acquire such personal information as login credentials and account information, which can be used for further malicious intent.
Why Social Networking Phishing is so Dangerous
Every single day, 600,000 Facebook accounts are compromised in some way. Moreover, 12% of fraud reports are related to social media, with cases having quadrupled over the five-year period to 2014 and having cost victims about $80 million in 2014.
Phishing attacks, particularly on social networking sites, are far simpler than other ways of stealing account details, such as stealing credentials from social network providers by pretending to be the account holder; exploiting potential weaknesses in the lost password feature, using information sourced online about an account holder; or using Trojans to harvest login and password details cached in web browsers. However, its simplicity is what makes social networking phishing even more dangerous than many other forms of online fraud.
One thing that makes social networking phishing so harmful is the fact that few people are as cautious about their account credentials on social networking sites as they are with their bank and credit card details. Moreover, phishers gather seemingly trivial information, and people don’t realize that such information can be used for incredibly malicious purposes.
Perhaps the most dangerous aspect of social networking phishing is that even the most vigilant people can be affected. Phishers hijack accounts of close acquaintances and pose as them, making you open to attacks through people you trust.
Why You Are Targeted and How It Affects You
One of the first ways to deal with any type of online fraud is to understand why it happens in the first place. Finding out why social networking phishers target you will help you figure out ways of making yourself less of a target. And understanding the potential effect of such fraud will help you prepare for the unexpected.
Individual social networking accounts get targeted due to people’s laxity in securing their account credentials. Also, considering that there are billions of individual accounts, they do make a huge pool of potential targets.
People’s habits of sharing personal information with close online friends, or in public, make them prime targets for fraudsters hungry for such information.
Once gathered, personal information from phished individual accounts can be sold without your knowledge or approval. It can also be used to lure other potential victims. Worse still, you’ll experience a more extensive attack if you use the same social networking account details for your email, bank, dating site and other accounts.
On average, a large company incurs an annual cost of $4 million due to phishing attacks, based on a 2015 Ponemon Institute of Cyber Crime report.
Considering that businesses are increasingly using social media, they are inevitably becoming more of a target for social networking phishing. Also, unlike an individual account which only the account holder has access to, multiple employees would have access to a business account. This increases potential attack points to infiltrate business accounts.
Businesses also have the additional challenge of malicious attacks from unscrupulous competitors or disgruntled employees and dissatisfied customers.
A phishing attack affecting your customers, through your company or employee accounts, could damage your brand image. Phishers could send wacky diet plans to clients, using accounts masquerading as your business or employees. Also, your business account may be hijacked to extort money from you or spread malware to your large client base.
Celebrities have the unique position of being in the public limelight and having extensive exposure and loyal following. They enjoy the trust and community feel of individual accounts, plus the visibility of business accounts. Hence, they would be prime targets for attackers who want to take advantage of the loyal following and exposure.
Celebrities may also not have security measures as robust as those of organized businesses, which typically have dedicated online-security teams or hire online security consultants.
Much like business accounts, hijacked celebrity accounts can be used to extort money or spread malware. This leads to a costly recovery process and can even affect the celebrity’s image.
How Phishing Attacks are Carried Out
Once you know how phishing attacks happen, you can make plans to safeguard your social networking account.
Phishers may use the following strategies:
Pretexting – Based on presenting a reasonable pretext, phishers offer a seemingly legitimate scenario to access your privileged data, such as requiring your personal details for confirmation before you can claim a prize.
Pharming – Here a known website like Facebook may be spoofed so that you log in, giving the phisher access to your login details.
Doxing – In this case, victims face potential stalking, stolen identity and harassment because private information gained in phishing attacks is leaked on social media.
Spear Phishing – The phisher sends emails spoofed to appear to come from a known or trusted sender so that victims reveal confidential information.
How Individuals, Businesses, and Celebrities Can Deal With Phishing
Being a form of social engineering (manipulating people into revealing confidential information, using deception), phishing needs more than technical expertise to prevent, manage and overcome attacks.
Generally, here are some of the ways individuals, businesses, and celebrities can deal with phishing:
- Especially when logging in or typing sensitive information, first confirm that the site has an SSL certificate from a trusted certificate authority like Comodo, which activates a padlock symbol and the “HTTPS” before the URL in the address bar. SSL secures credit card transactions, logins and data transfers on social media sites.
- If possible, seek secondary confirmation before clicking on any link in messages, even messages sent from known social networking “friends” or “followers”.
- Use two-factor authentication where available. This uses a trusted device – like a mobile phone – to confirm your identity, as an extra layer of protection beyond your user name and password.
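The link checks described above (HTTPS, plus confirming that the link really leads to the site it claims to be) can be automated before anyone clicks. The following is an added example, not part of the original article; the trusted-domain list and the sample URLs in the comments are constructed assumptions.

```python
from urllib.parse import urlsplit
import ipaddress

# Assumption: the sites you actually log in to; replace with your own list.
TRUSTED_DOMAINS = {"facebook.com", "twitter.com", "linkedin.com"}


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return a list of warnings for a link; an empty list means no red flag was found."""
    warnings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()

    # The padlock / "HTTPS" check from the list above.
    if parts.scheme != "https":
        warnings.append("not HTTPS")

    # "https://facebook.com@other.example/" really goes to other.example.
    if parts.username is not None:
        warnings.append("text before '@' hides the real host")

    if not host:
        return warnings + ["no host"]

    # Legitimate login pages are reached by name, not by bare IP address.
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a domain name")
    except ValueError:
        pass

    # Punycode or non-ASCII labels can imitate a known brand with lookalike letters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        warnings.append("internationalised host name (possible lookalike)")

    # The host must be a trusted domain or one of its subdomains;
    # "facebook.com.account-verify.example" is neither.
    if not any(host == d or host.endswith("." + d) for d in trusted):
        warnings.append(f"host {host!r} is not a trusted site or its subdomain")

    return warnings
```

An empty result only means none of these specific red flags were present; a message from a hijacked friend's account still deserves the secondary confirmation recommended above.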
Apart from those basic measures, certain strategies are particularly useful for the individual, business and celebrity accounts.
Specific strategies for individuals:
- Since your individual account is meant for personal use, it may be wise to trim your social network to a few trusted friends. This reduces your exposure to pseudo accounts set up by phishers.
- Don’t share too much personal detail with people beyond your close circle of friends.
- Don’t fall for unrealistic offers.
Specific strategies for businesses:
- Have clear policies for your employees on the safe use of social networks.
- Ensure only appropriate employees have access to confidential information.
- Constantly search online and report any impersonations of your company, brand or employees.
- Provide official contact details where clients and potential customers can report potential phishing issues.
Specific strategies for celebrities:
- Always alert your followers to beware of phishing scams spoofing your account.
- Try to get your followers on email lists, so you’ll still have their contacts even if your social networking account gets hijacked.
By applying such critical strategies beforehand, you prevent costly recovery procedures.