Social Media: A Growing Phishing Pond

In the past, hacking social media accounts has been popular among cybercriminals for a variety of reasons, including the opportunity to spread malware and spam. Hijacked accounts can also be sold to other cybercriminals for the stolen data they contain. However, phishing attacks on social media are becoming increasingly prevalent because of the extensive number of users that can be reached. For a cybercriminal, more users means greater profits.

According to research by Kaspersky Lab, one in five phishing scams on the web targets Facebook. Social media sites are targeted because of the large amount of information that can be collected about a specific person. This information can then be used for more targeted phishing attacks both on and off social media.

Common Tricks

Phishing ploys within social media often take the form of messages from friends. This friend may claim to be in distress and ask you to send them money.

Another tactic is sending links through Facebook Messenger or the chat box that take you to sites that are infected with malware.

In addition, phishers often create an account that impersonates another user. They will send messages to the user’s friends claiming to have abandoned their previous account and asking the friends to communicate with them through this new account. Friending this person leads to further phishing messages designed to obtain private information.

Creating imitation Facebook pages is also a popular phishing technique. Beware of short personal messages such as “Is that you in this photo?” accompanied by a link to the photo in question. Clicking the link could take you to a phishing site designed to imitate the Facebook login page.

Also look out for hoax messages that make legitimate-sounding claims, such as that Facebook has updated its policies. These messages often contain a malicious link that you are asked to follow in order to “sign up” or “give your permission”.

How to protect yourself

Never give private information out over social media, even if the profile is that of a friend.

Don’t “friend” people you don’t know.

Do not click on strange links in direct messages, the chat interface, or hoax posts.

Make sure to check the social networking site’s address when logging in. Imitation sites are used to capture your username and password, which can then be used to hack your account.

If you have multiple social media accounts, use different passwords for each.

If you are receiving suspicious messages from friends on social media, notify them through a different medium that their account has likely been hacked.
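
The advice above to check the site’s address can be carried out in code. The following is an added example, not part of the original article: it parses a link the way a browser does and reports whether the host really belongs to a trusted site. The `TRUSTED_DOMAINS` list, the function name `checkLoginUrl`, and the sample `.example` links are assumptions made for illustration.

```javascript
// Domains you actually log in to (assumed list for this example).
const TRUSTED_DOMAINS = ["facebook.com", "messenger.com"];

function checkLoginUrl(link) {
  let url;
  try {
    url = new URL(link); // same parsing rules a browser applies
  } catch {
    return { trusted: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not HTTPS" };
  }
  // Anything before "@" is a username, not the site:
  // https://facebook.com@login.example/ really opens login.example
  if (url.username || url.password) {
    return { trusted: false, reason: "text before @ hides the real host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing dot
  // Trusted only if the host IS the domain or ends with ".domain".
  // "facebook.com.login-verify.example" and "notfacebook.com" both fail.
  const match = TRUSTED_DOMAINS.find(
    (d) => host === d || host.endsWith("." + d)
  );
  if (match) {
    return { trusted: true, reason: "host belongs to " + match };
  }
  // The parser rewrites non-ASCII hosts to "xn--" (punycode) labels; such
  // characters can imitate ASCII letters in a familiar name.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, reason: "lookalike characters in host " + host };
  }
  return { trusted: false, reason: "host " + host + " is not a trusted domain" };
}

// Constructed sample links, checked one by one.
for (const link of [
  "https://www.facebook.com/login",
  "https://facebook.com.login-verify.example/",
  "https://facebook.com@login.example/photo",
  "https://f\u0430cebook.com/login", // Cyrillic "a" in place of Latin "a"
]) {
  console.log(link, "->", JSON.stringify(checkLoginUrl(link)));
}
```
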

