Social Media Phishing Scammers Abundant on LinkedIn, Facebook & Others
Are you ready to resist angler phishing? Social media phishing scams (angler phishing) are growing as cybercriminals see increasing success with executives and professionals on LinkedIn, Facebook and Instagram. Every employee needs to be aware of the danger posed by angler phishing and impersonation scams. It pays to make sure that staffers are prepared to recognize and resist outreach from clever social media phishing scammers.
Don’t let cyberattacks put the brakes on your business. Stay agile and keep your engine running under any conditions. Start your journey on The Road to Cyber Resilience now! DOWNLOAD THIS PACKAGE>>
LinkedIn Scams Net Unwary Executives & Professionals
Cybercriminals must agree that LinkedIn is their favorite resource to exploit to get that click for social media phishing scams: experts say that emails with “LinkedIn” in the subject line topped the list of most opened social media phishing emails again for 2020, marking its third year on top. LinkedIn phishing emails had a 47 percent open rate, almost unchanged from previous years.
Popular cybercriminal tricks on LinkedIn include:
- Phishing emails including subject lines like “You appeared in new searches this week!”, “People are looking at your LinkedIn profile”, “Please add me to your Linkedin network” and “Join my network on LinkedIn.”
- Targeting victims with an email alerting them to a “contact request” that’s actually a phishing email leading to a fake LinkedIn login page.
- Bad actors creating fake accounts and sending connection requests so that when unsuspecting victims connect with them, they gain access to all of the information in your profile plus build credibility that can be used to harm your connections.
- Cybercriminals posing as recruiters and reach out to users about a fake job post via LinkedIn Messaging, enabling them to snatch passwords and personally identifying information.
If Cybersecurity is Like a Game, Shouldn’t You Play to Win? Here’s How to Do It.
Facebook, Twitter and Instagram Hold Hazards Too
While LinkedIn is the cybercriminal go-to, Facebook, Twitter and Instagram aren’t any safer. The number two most opened social media phishing email at businesses of any size is a Twitter-related lure. Messages reading Emails with the subject line “Someone has sent you a direct message on Twitter!” had a 15 percent open rate. In third place is Facebook – emails entitled “Your friend tagged you in photos on Facebook” had a 12 percent click rate.
The most perpetrated phishing scams on these networks include:
- “Blue check” Instagram scams that send users an email offering them a certified badge, but a click on the enclosed “Verify Account” button, takes them to a phishing page.
- A favorite of cybercriminals that’s most commonly used on Facebook and Instagram is sending emails to users warning them of a security alert, like a login attempt from an unknown device, that takes them to fake login screens.
- In another popular Instagram scam targets receive a message that informs the target that their account is in jeopardy because they’ve committed copyright infringement, and “If you think copyright infringement is wrong, you should provide feedback. Otherwise, your account will be closed within 24 hours.” with a link that goes to a credential stealing page.
Add Essential Protection Against Attacks Using Phished Passwords
One of the major goals of social media scammers is to capture credentials like passwords. By combining secure identity and access management tools with strong security awareness training that includes phishing resistance, businesses can reduce the chance that their employees take the bait.
- Passly offers protection against credential compromise that goes to work in days, not weeks to secure your systems and data with multiple layers of defense including single sign-on (SSO), multifactor authentication (MFA) and simple remote management at an affordable price.
- BullPhish ID offers a painless training experience for everyone with personalized user portals, customizable training materials, and a constant flow of new training kits and videos.
Contact the experts at ID Agent today and make sure your business is doing all of the right things to prevent credential compromise through phishing from impacting your business.