Phishing Attacks Target Social Networks

Phishing Attacks Target Social Networks

Phishing is one of the most widely used methods for stealing information by cyber criminals (Stern, 2015, p. 1). They create emails, links, and use web sites that appear to look legitimate to request users to share sensitive information or data. According to research by Kaspersky Lab (2015), said that “22 percent of phishing scams on the web target Facebook, and phishing sites imitating social network websites comprised over 35 percent of all cases in which Kaspersky Lab security products’ anti-phishing components are triggered” (p. 2). In addition, Kaspersky Lab pointed out that “there are over 20,000 incidents every day in which a user attempts to click through on links that lead to fake Facebook pages” (Stern, 2015, p. 2). Lastly, the researches have stated that 1 in 5 phishing scams target social networks like Facebook (Stern, 2015, p. 2).

        So why are attackers so interested in getting access to a user’s Facebook account? The reason is that people are more likely to trust an email message or Facebook message from one of their Facebook friends then from a complete stranger (Fake Social Networking, n.d.). Therefore, they are more likely to click on suspicious links or suspicious emails from friends that they are connected with on Facebook (Stern, 2015, p. 3).

Social networking sites like Facebook that promote global communication where people from all around the world can meet and talk, have also made it easy for cyber criminals to use the social networking website as a way to steal personal information (Fake Social Networking, n.d.). What’s more, social networking websites have made it much easier for an attacker to customize their phishing attack so that they have a higher success chance of scamming someone.  An attacker will use your profile information in order to mount a successful attack.

Once an attacker obtains access to your Facebook account, he will gather information on you and your friends list. For example, the attacker discovers that you are in a gaming community; therefore, the attacker can then assume that your friends’ interest are likely to be gaming as well. Since the attacker now has access to your account, friends list and distant neighbors (friends of friends), the attacker can easily customize his phishing scam through Facebook instant messenger and have a higher success chance of scamming someone.

To avoid falling victim to phishing scams, Kaspersky Lab recommends taking the following precautions. First, pay attention to the site’s security connection. If you receive an email notification that appears to be from Facebook asking you to enter your login information in order to access the content of the email, you should always check to see if the URL is preceded by https, “s” for secure connection (Stern, 2015, p. 6). Second, compare the email address of the sender to the email address of the person or organization that you usually get it from (Stern, 2015, p. 7). Third, pay attention to spelling errors and other signs that appear to be a common phishing scams. For example, if you notice spelling errors and if you hover over the www.facebook.com URL and it shows something else other than that, then it’s most likely a phishing scam (Stern, 2015, p. 8). Fourth, when you click on a link always verify the integrity of the URL. For example, if you click on a link and you are redirected to a new page and the URL isn’t in line with where you expected to go, then you should leave immediately because it’s most likely a scam (Stern, 2015, p. 9). Fifth, if you start to get suspicious emails or Facebook messages from your friends, then there is a high chance that they got hacked. You should notify them immediately and do not respond to any of the suspicious emails or messages (Stern, (Stern, 2015, p. 10).

...