Phishing: It may sound like a fun summer activity, but change a few letters and throw in some criminal intent and you’ve got a genuine cybersecurity threat.
Wondering what in the world we’re referring to?
Phishing is the practice of cybercriminals contacting targets digitally while pretending to be a legitimate organization. Their goal is to get the victim to click a link or reveal personal details so that they can hack into devices, install unwanted malware, or steal sensitive information such as financial logins or credit card numbers.
Gonna Need a Bigger Boat
Phishing has traditionally involved email or phone calls, but today scammers have expanded their reach using social media. In fact, according to the Federal Trade Commission (FTC), 25% of fraud victims in 2021 reported falling for scams or phishing that started on social media.
These attacks may come directly from social media or in the form of emails that are supposed alerts about one’s social media accounts, but it’s clear that the interconnected nature of today’s world has resulted in more opportunities for bad actors.
Gone Phishin’
Phishing scams can appear differently based on the platforms the scammers are using to target people. Here are a few common examples from around the web:
Facebook/Instagram
- Receiving an email from “Facebook” or “Meta” with an alert that you might lose access to your accounts unless you take an action, like changing your password. Clicking on the link typically triggers malware.
- Being friended or followed by fake accounts and then sent messages with clickable links that will download malware.
Twitter
- Due to Twitter’s character limit, links often need to be shortened. Here it’s easier for scammers to hide sketchy links using services like bit.ly to shorten the URL.
- Receiving a message or email promising tons of extra followers or verification (can occur on Instagram as well). This can not only open you up to a cyberattack, but you could also be flagged by the platform for interacting with too many fake or “bot” accounts.
YouTube
- Seeing a video that has supposedly been removed for “copyright reasons.” Attempting to view the video by clicking on a third-party link in the description could lead to a malicious site.
LinkedIn
- Believe it or not, even the more professional-toned LinkedIn can have scams, such as fake job applications posted in order to collect personal information.
Casting a Protective Net
It might be tempting to swear off social media entirely to avoid the risks, but it has become increasingly hard to do so today. Instead of worrying about the potential for issues to arise on social media, take some of these precautions to live defensively online.
- We’re starting simple – never share sensitive or financial information on social media, including in direct messages.
- If you’re following a link from a social media site, check that the address starts with https://. You may be able to hover over the link to see where it’s redirecting you. If you’re unsure, play it safe and don’t click!
- Don’t download an update or go to a login page via a link from an email. Instead, type the actual site’s information into your browser manually. It may take a bit longer, but it could save you in the long run.
- If you are suspicious of something like a request to change your password for security reasons, pick up your phone and call the company to see if your account has any outstanding issues.
- If something looks too good to be true, it probably is. In all likelihood, you won’t be able to get a free $500 gift card or 50,000 new followers from an email or a social media ad.
- If you receive an email that looks like it’s from a company you trust, check the sender’s email carefully. It may show an indicator that it’s coming from a fraudulent or suspicious account.
- Consider protecting your computer with additional security software and your social media accounts with multi-factor authentication. Using this authentication, you can ask that a code be sent to your email or phone number for additional security.
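For readers who want to automate the link and sender checks from the list above, here is a small added example (not part of the original article). The shortener list, the brand-to-domain map and the function names are constructed assumptions for illustration, not an authoritative list of each company’s domains.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed, illustrative data (assumptions, not from the article).
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}
BRAND_DOMAINS = {
    "facebook": {"facebook.com", "facebookmail.com"},
    "instagram": {"instagram.com"},
    "linkedin": {"linkedin.com"},
}

def under(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def brand_mismatch(text, host):
    """Brands named in text whose known domains do not cover host."""
    return [f"brand-mismatch:{brand}" for brand, doms in BRAND_DOMAINS.items()
            if brand in text.lower() and not under(host, doms)]

def check_link(href, shown_text=""):
    """href is the real target (what hovering reveals); shown_text is what you see."""
    parts = urlsplit(href)
    host = parts.hostname or ""
    flags = []
    if parts.scheme != "https":
        flags.append("not-https")        # https encrypts traffic; it does not prove the site is genuine
    if host in SHORTENERS:
        flags.append("shortened-link")   # the real destination is hidden
    if "@" in parts.netloc:
        flags.append("userinfo-in-url")  # text before '@' is not the host
    return flags + brand_mismatch(shown_text, host)

def check_sender(from_header):
    """Compare the display name of a From: header with the address domain."""
    name, addr = parseaddr(from_header)
    return brand_mismatch(name, addr.rpartition("@")[2])

if __name__ == "__main__":
    # Constructed sample inputs.
    print(check_link("http://facebook.com.account-verify.example/login",
                     "facebook.com/security"))
    print(check_link("https://bit.ly/3xAmPlE", "Get verified today"))
    print(check_sender('"Facebook Security" <alerts@faceb00k-support.example>'))
```

An empty result only means none of these particular warning signs were found; a link that passes can still be malicious.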
Believe you’ve been the victim of a scam or cyber attack? Update your computer’s security software and run a scan. Then go to IdentityTheft.gov to find out what to do next based on what information was stolen (credit card, bank account, social security number, etc.). You can also report the phishing attack to the FTC.
To learn more about living defensively in other aspects of your life, check out the Concealed Coalition Membership! We’ve got a wide variety of courses that can help you protect what matters most, whether you’re a self-defense newbie or a seasoned pro.
Sources: Forbes.com, Forbes Tech Council, FTC, va.gov