Not long ago there were waves of attacks from phishing criminals that used a different, sophisticated method built on social media platforms such as Facebook and Twitter. The targets are most likely banks, trading platforms, and financial exchanges dealing in fiat and digital currencies.
Here is how it works:
- After choosing a target financial institution, the scammers find its communities, pages, and groups on these social media platforms to observe and study the layout, the design, and the behavior of the target's members.
- The scammers decide which community to act on, and then create a social media page (e.g. on Facebook or Twitter) that imitates the official page or presence of their target.
- Notice that in the image above there is no blue check mark beside the username, which indicates that the account is not verified; the same is true on Facebook. This fake social media account looks for frustrated or unsuspecting customers on the original page, and then tweets at them or sends them a private message, pretending to be a customer service representative.
- Private messages are not always needed for this method. On Facebook, for example, the scammers are able to share the victim's profile picture and then tag them. Once the victim gets in contact, the scammers social engineer and trick the victim, either through email communication or by directly sending a phishing URL whose sophisticated content is designed to phish for information.
- Always exercise vigilance on the sites that you visit by first looking at the URL and checking whether it looks suspicious or strange. It is better to type the official URL into the address bar than to click URLs in your email or social media accounts.
- On social media platforms it is always important to know how to configure your privacy settings. It is always a good idea to filter the posts that you want to see on your account.
- Anti-phishing technologies from anti-malware software should be used, with a toolbar or extension installed to do URL analysis for the user. One good product that does this is Trend Micro Maximum Security.
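
The URL check recommended above can be sketched in code. The following is an added example, not from the original article or from any product it names. It assumes a constructed official domain, `examplebank.test`, and compares hostnames by suffix and edit distance without a public suffix list.

```python
from urllib.parse import urlsplit

# Hypothetical official domain, constructed for this example.
OFFICIAL = {"examplebank.test"}

def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, official=OFFICIAL):
    """Return (verdict, reasons); verdict is 'official', 'suspicious' or 'unknown'."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "suspicious", ["unparseable URL"]
    if parts.scheme not in ("http", "https") or not host:
        return "suspicious", ["not a web link with a hostname"]
    reasons = []
    # "https://bank@other-site/" goes to other-site; the part before '@' is decoration.
    if parts.username is not None:
        reasons.append("text before '@' is not the site name")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        reasons.append("internationalized hostname, possible look-alike characters")
    # Official only if the host is the official domain or one of its subdomains.
    if any(host == d or host.endswith("." + d) for d in official):
        if parts.scheme != "https":
            reasons.append("official host but not HTTPS")
        return ("suspicious" if reasons else "official"), reasons
    for dom in official:
        brand = dom.split(".")[0]
        # Compare the same number of trailing labels as the official domain has.
        tail = ".".join(host.split(".")[-len(dom.split(".")):])
        if brand in host:
            reasons.append(f"uses the name '{brand}' on a different domain")
        elif edit_distance(tail, dom) <= 2:
            reasons.append(f"'{tail}' is a near-miss spelling of '{dom}'")
    return ("suspicious" if reasons else "unknown"), reasons
```

An "unknown" verdict only means the host is not on the official list and shows none of these look-alike signs; it is not a statement that the site is safe.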