The most interesting trend to surface in a recent phishing report was a 100 percent increase in phishing campaigns leveraging social media platforms, which accounted for 20 percent of the top 10 most phished brands.
Phishing actors are always innovating, creating new methods to lure victims and gain access to their financial information, PII, and user accounts. Understanding the latest phishing techniques and threat actor tendencies can help organizations stay one step ahead of the phishing threats targeting them.
Fake social media profiles have been a problem for some time. Back in November, Facebook admitted that up to 270 million accounts on the social network are illegitimate, and in January Twitter disclosed to investors that up to 60 million accounts are not what they seem. But why the rise in fake accounts associated with phishing activity?
There are several potential reasons why social media is drawing more attention from threat actors. For one, financial integrations within social media platforms, which for example give users the ability to send and receive money, are growing in popularity and can make for an easy payday. There’s also the possibility of using sensitive information from posts, messages, and profiles as lures in social engineering attacks.
For organizations that leverage social media to engage with customers and prospects, these figures should act as a wake-up call: advanced social threat detection is now a critical capability and no longer a nice-to-have. The low barriers to entry and high visibility of social media make it a fast and powerful tool for threat actors to commit fraud by impersonating your brand. Users who are taken in are likely to place some of the blame on the impersonated organization for not better protecting its brand, and those same social media platforms can be used to amplify their sentiment, further tarnishing the brand.
Knowing your phishing risk is only half the battle; real-time monitoring and web enforcement should be deployed to help you protect your organization’s assets.
Let’s stay safe out there.