Categories
Education social networks

New Social Media Phishing : Scammers promises of a ‘blue checkmark’ !

Phishing attacks are targeting your social network accounts

Scammers promises of a ‘verified badge‘ next to your profile !

such as Twitter, Facebook, Instagram, and TikTok.

 

Scammers are targeting your social network accounts with phishing emails that pretend to be copyright violations or promises of a shiny ‘blue checkmark‘ next to your name!

 

What is Social Phishing?

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.

How can social media be used in a phishing attack?

Criminals are using social media platforms to launch phishing attacks. Some scammers befriend their targets and get them to divulge more personal information than they intend to. … Propagation attacks. Some phishing attacks use fake landing pages and trick users into logging-in using their credentials.

New Social Phishing

With social networks such as Twitter, Facebook, Instagram, and TikTok becoming a significant component in people’s lives, attackers target them for malicious purposes.
These stolen accounts are then used for disinformation campaigns, cryptocurrency scams like the recent Twitter hacks, or sold on underground markets.

Due to this, social accounts should be treated as a valuable commodity and protected as such.

The social network phishing attacks to watch out for

Over the past month, MalwareHunterTeam has been tracking numerous phishing campaigns that target your socials network accounts and has been sharing them with BleepingComputer.

Below we outline the two most common social network phishing scams you may run into so that you know how to avoid them.

Fake verification phishing pages

The first phishing campaign has become popular lately as it promises to get you verified checkmark on social networks like TikTok, Instagram, and Twitter.

The most common social networks targeted with this scam are Twitter and Instagram and will prompt users to enter their login and password to get verified.

Not as common as Instagram or Twitter, TikTok phishing pages are also being created that promise users a shiny verification badge.
Almost all of the landing pages we have seen pushing these verification scams contain the word ‘verify‘ or ‘badge‘ in them, so be wary of any URLs containing these strings and claiming to be able to verify your account.

Fake copyright violation pages

Another widespread social network phishing campaign pretends to be a copyright violation for a post you made.

These phishing pages state that your Twitter or Instagram account will be suspended in 24 hours unless you log in and dispute the copyright infringement claim.

Below you can see an example of recent Twitter and Instagram copyright violation phishing pages.

New Social Media Phishing
New Social Media Phishing

What makes the Instagram phishing page interesting is that it will display your actual profile picture on the phishing page to make it appear more legitimate, as shown by the image of Dwayne Johnson above.

It should be noted that the Instagram phishing page above also targets your email account password, as taking over an email account gives a wide range of access to other accounts.
What makes the Instagram phishing page interesting is that it will display your actual profile picture on the phishing page to make it appear more legitimate, as shown by the image of Dwayne Johnson above.

It should be noted that the Instagram phishing page above also targets your email account password, as taking over an email account gives a wide range of access to other accounts.
This web sites for these copyright violation phishing pages will usually contain the words ‘copyright’ or ‘violation’ in the URL, which makes them easier to spot.

 

also read :

What you should do if you fall for these scams

These scams wouldn’t exist if people didn’t fall for them.

Maybe its lack of sleep, stress at work, or you just got into a fight with your partner; falling for phishing scams can happen by accident.

If you mistakenly fall for one of these scams and enter your login name and password, you should immediately log in to the service and change your password.

You should also enable 2FA/MFA on your social accounts to prevent scammers from stealing your accounts without having access to your mobile phone.

Also, multi-factor authentication should be enabled on your email account, as once attackers gain access, it makes it much easier to steal other accounts you own.