Be Careful Against Most Common Social Media Phishing Scams

Social media phishing is on the rise due to the large number of users and the trust people have in these social media platforms. Cybercriminals use this trust by creating fake profiles, sending malicious messages, and posting tricky ads or tests. Revolut's 2023 analysis indicates a significant increase in phishing scams on social media platforms like Facebook, WhatsApp, and Instagram, which made up 60% of all scams reported. This rise in social media phishing has continued in 2024.

These tactics work well because they look just like normal content, making it hard for users to notice their harmful intentions. This is concerning, as 95% of cybersecurity breaches arise from unintentionally clicking on malicious links, as reported by ReHack Magazine. It underscores the significant threat posed by social media phishing attacks and emphasizes the importance of user awareness.

What is social media phishing?

Social media phishing is a type of cyber attack that happens through social media platforms such as Instagram, LinkedIn, Facebook, or Twitter. Scammers trick people on social platforms into giving away sensitive information like passwords or personal details. They might create fake profiles or messages to look legitimate, aiming to get users to click on malicious links or share private data, which is a big cybersecurity risk.

5 most common examples of social media phishing scams

Types of social media phishing scams are constantly evolving, ranging from email notification phishing to TikTok scams and fake job scams on LinkedIn. These malicious tactics prey on users' trust and familiarity with social media platforms, making it important to stay updated on emerging threats.

Here are the most common examples of social media phishing scams.

Picture 1: 5 Common Social Media Scams

Email Notification Phishing

Email notification phishing is a type of phishing that involves sending malicious emails that fake alerts from reputable services or organizations, such as social media platforms, banks, or official government agencies. These scam emails are designed to trick people into believing they are receiving legitimate communications. The ultimate goal is often to steal sensitive information such as login credentials, financial information, or other personal data.

Here are some common characteristics of email notification phishing:

  1. Fake Branding: The emails use logos, colors, and formatting similar to those of legitimate organizations to look trustworthy.
  2. Urgent or Threatening Language: These emails often contain messages that create a sense of urgency or fear, making the recipient act quickly. For example, they might warn that an account will be closed or that immediate action is required to prevent a negative consequence.
  3. Suspicious Links or Attachments: The emails usually have links or attachments that lead to malicious websites that can steal personal data or install malware.
  4. Requests for Personal Information: The phishing email may directly ask for personal details, account credentials, or financial information, which legitimate companies would not typically request via email.
  5. Errors in Text: Phishing emails often, but not always, contain spelling and grammar mistakes, which can be a red flag that the communication is not from a professional source.

Recognizing these signs can help individuals stay safe from email notification phishing scams. It is advisable to verify the authenticity of any unexpected or suspicious emails before replying or clicking on any links.

Check out one of the email notification phishing scenarios from Keepnet's phishing simulator, which is designed to test users' awareness of various types of phishing attacks.

Picture 2: An example Spotify phishing template

TikTok Scams

TikTok, a widely used app with over a billion users in over 150 countries, has recently become a major target for cybercriminals.

TikTok spam refers to unwelcome content on the TikTok platform, which can appear in various forms. These include spam comments on videos, spam messages in direct messages (DMs), and spam accounts that follow users in large numbers or post spam content.

Here are some common types of TikTok spam:

  1. Comment Spam: These are irrelevant or repetitive comments posted on videos, often promoting websites, products, or other social media accounts. They might include links or repeated messages that don't contribute to the conversation.
  2. Message Spam: Unwanted messages sent to users' inboxes that can contain advertisements, phishing links, or other spammy content.
  3. Follow/Unfollow Spam: Some accounts engage in a tactic where they follow a large number of users and then unfollow them shortly after, purely to increase their follower counts.
  4. Bot Accounts: These are accounts automated to perform spammy actions, such as liking, commenting, or following other accounts excessively.

The most common social media phishing examples on TikTok include:

  1. Easy money offers: Promises of quick financial gains that usually require an initial investment or sharing of personal information.
  2. Fake giveaways: Competitions that attract users with big prizes to gather personal information or distribute malware.
  3. Duplicated celebrity and influencer accounts: Fraudulent accounts that mimic real celebrities or influencers to trick followers into donating money or clicking on malicious links.
  4. Romance scams: Fake profiles that establish emotional connections with users to cheat them out of money.
  5. Bot accounts: Automated profiles that engage in spamming, misleading interactions, or spreading malicious content.
  6. Adult content scams: Accounts or messages that lead to adult content intending to trick users into subscribing to paid services or downloading malware.
  7. Bogus products and services: Advertisements or posts for fake or non-existent products and services designed to steal money or financial information.
  8. Promoted scam apps: Applications advertised on TikTok that may compromise security or personal data once downloaded.

Spam on TikTok or other social media can be disruptive and harmful, leading to phishing or malware. TikTok uses guidelines and systems to fight spam, and users can report it to keep the platform safe and enjoyable.

Look at one of the recent cases of TikTok identity threats by watching the video below.

Fake Job Scams on LinkedIn

Fake job scams on LinkedIn are fraudulent activities where scammers post fake job openings or reach out to job seekers with fake employment offers. These scams are designed to trick individuals into giving away personal information, paying money, or performing tasks without actual employment.

The most common types of LinkedIn social media scams include:

  1. Fake Job Posting: Scammers create attractive remote job postings and conduct the entire hiring process online. After offering the job, they initiate a fake onboarding process to gather your personal details, IDs, and social security numbers. They may also ask for upfront payment for work-related equipment or training. Once they get the money, they disappear.
  2. Fake Recruiter Profile: It's easy for scammers to set up fake profiles on LinkedIn, similar to those on other social media platforms. Using minimal details like a photo and fake work history, they impersonate real recruiters. They often send job offers or interview invites and use this cover to collect your personal information, pretending it's for job applications or referrals.
  3. Fake Investor Opportunity: Scammers might contact you on LinkedIn with special investment opportunities, like cryptocurrency. They often create a fake company and website to appear legitimate. After building a professional rapport, they'll ask for money to secure your investment, only to disappear once paid.

Explore one of the LinkedIn fake job alerts from Keepnet's phishing simulator, which includes a variety of phishing scam scenarios.

Picture 3: LinkedIn fake job scam template

To avoid scams, always verify job offers by contacting the company directly, be careful with your personal information, and be cautious of jobs asking for payment or sensitive details upfront. Use resources from LinkedIn and other platforms to spot and report suspicious job postings.

In-App Phishing

Phishing in an app is a type of social media scam where fraudulent activities are conducted through mobile applications to trick users into giving away sensitive information. This can include login details, financial information, personal data, and more.

Here's how phishing typically works within apps:

  1. Malicious Apps: Scammers might create apps that look legitimate but are designed to steal your information. These could mimic well-known apps or offer appealing features to attract users to download them.
  2. Fake Login Screens: Some apps might encourage you to log in using your credentials for other services, like social media or bank accounts. These fake login screens capture your username and password.

Check out the example of fake Instagram login screens in our Keepnet phishing simulator library, which features many phishing scenarios.

Picture 4: Fake Instagram login screen

  3. Redirects to Phishing Sites: An app may redirect you to a fraudulent website that looks real. It might ask you to update your account information or enter personal details supposedly for verification purposes.
  4. Requests for Permissions: Phishing apps often ask for extensive permissions that are unnecessary for their function. Granting these permissions can allow the app to access your contacts, messages, location, and more, which can be misused.
  5. Phishing Links: Apps might send you notifications or display ads that lead to phishing sites or trigger malicious software downloads.

To protect yourself, download apps only from trusted sources, check their reviews, be careful with the permissions they ask for, and keep your devices and apps updated.

Customer Support Scams

Customer support scams are deceptive tactics where scammers pretend to be customer service representatives from well-known companies to trick individuals into giving them personal information, money, or access to their computers.

Here are the most widespread types of customer support scams:

  1. Fake Contact Information: Scammers create fake websites or ads with phone numbers or contact information claiming to be from legitimate companies. When people search for support online, they might accidentally find and use these fraudulent contacts.
  2. Unwanted Support Calls: Sometimes, scammers will call or email people directly, claiming to be from a reputable company's support team. They may say there is a problem with an account, a computer is infected with a virus, or they need to update billing information.
  3. Remote Access Requests: During the call, the scammer might ask to take remote control of your computer to "fix" an issue. Once they have access, they can install malware, steal personal information, or lock the device and demand a ransom.
  4. Payment for Services: Scammers often ask for payment for their "support" services, which can include renewing fake software licenses or removing non-existent viruses. They may ask for credit card details or direct payment via online transfer platforms.
  5. Phishing Attempts: Throughout the interaction, scammers may try to get personal details, including login credentials, by asking you to confirm sensitive information while pretending to verify your identity.

To avoid these scams, always verify customer support through official channels, ignore unexpected help offers, never share personal or financial information with unverified sources, and don't allow remote access to your devices unless you're certain it's legitimate.

Watch the video below to check out common Customer Support Scam tactics.

How to Spot Social Media Phishing?

Spotting social media phishing scams is essential for protecting your personal information online. Phishing on social media often involves scammers using fake profiles or messages to trick you into giving them your personal details. Here, we will delve into the main tactics that will help you prevent social media phishing attacks.

Picture 5: The useful tactics to spot social media phishing

1. Look first at the source of the message

When you receive a message on social media, especially one that requests personal information or prompts you to click on a link, the first step you should take is to carefully check the source of the message. You need to check the sender's profile for authenticity signs like a history of interactions and posts and verify if the account has a blue checkmark for public figures and companies.

Notice any unusual changes in communication style or spelling. If still unsure, directly contact the sender through another method to confirm the message's legitimacy.

2. Check identifying information like URLs and sentence structure

When reviewing messages on social media, it's important to examine URLs and sentence structure closely. Check URLs for legitimacy, watching for misspellings or odd characters that might indicate a phishing attempt. Scammers make fake URLs that look like real ones by adding extra letters or changing small details to trick you into visiting sites where they can steal your information.

Also, assess the sentence structure for unusual phrasing or errors, which can be signs of a social media phishing scam. Unusual phrasing or grammatical errors can indicate the message is not from a legitimate source, especially if it doesn’t match the typical communication style of the entity they're impersonating.
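The URL check described above can be partly automated for triage. As an added example (not code from the article or from Keepnet), the script below folds common look-alike characters, compares a URL's registrable domain against a constructed list of trusted domains, and flags brand names hidden in subdomains or in the userinfo part of a URL; the trusted-domain list and the confusables table are assumptions for illustration.

```python
from urllib.parse import urlsplit
import unicodedata

# Constructed allow-list of domains the reader trusts; replace with your own.
KNOWN_DOMAINS = {"instagram.com", "linkedin.com", "facebook.com", "tiktok.com", "spotify.com"}

# Illustrative table (an assumption, not a complete confusables list) mapping digits and
# Cyrillic letters that look like Latin letters back to their Latin shape.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o",
                             "\u0440": "p", "\u0441": "c", "\u0456": "i"})

def edit_distance(a, b):
    """Classic Levenshtein distance via dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def split_host(url):
    """Return (subdomain labels, registrable domain, has_userinfo) for a URL or bare host.
    Assumption: two-label public suffixes only (no co.uk-style handling)."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = unicodedata.normalize("NFKC", parts.hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return labels[:-2], ".".join(labels[-2:]), parts.username is not None

def check_url(url):
    """Classify a URL as ok, lookalike, brand-in-subdomain, userinfo or unknown.
    Returns (verdict, observed registrable domain, matched trusted domain or None)."""
    subs, domain, has_userinfo = split_host(url)
    if domain in KNOWN_DOMAINS:
        return ("ok", domain, domain)
    if has_userinfo:  # https://instagram.com@evil.example puts the brand before '@', not in the host
        return ("userinfo", domain, None)
    skeleton = domain.translate(CONFUSABLES)  # fold homoglyphs before comparing
    for known in sorted(KNOWN_DOMAINS):
        # Distance 1 catches one added, dropped or swapped character (lnstagram, tiktok.co)
        # without flagging genuinely different brands; a higher threshold trades precision for recall.
        if skeleton == known or edit_distance(skeleton, known) <= 1:
            return ("lookalike", domain, known)
    brands = {k.split(".")[0] for k in KNOWN_DOMAINS}
    if any(label in brands for label in subs):  # instagram.com.account-verify.example
        return ("brand-in-subdomain", domain, None)
    return ("unknown", domain, None)

if __name__ == "__main__":
    for u in ["https://www.instagram.com/p/abc", "http://lnstagram.com/login", "https://tiktok.co/prize",
              "https://\u0456nstagram.com/", "https://instagram.com.account-verify.example/"]:
        print(u, "->", check_url(u))
```

A verdict other than `ok` is a prompt to confirm the link through the platform's official site or app, as the section above advises, not proof of phishing on its own.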

3. Do not share sensitive information online in an unsafe manner

To keep your social media presence safe, you should never share sensitive information online unless you are certain it's secure. Phishing scammers exploit social media to trick users into giving away important information like passwords, financial details, and personal IDs.

For example, imagine you receive a direct message on a social media platform from someone claiming to be from your bank, asking you to confirm your account details due to suspicious activity. Instead of responding directly through social media, you should contact the bank using verified contact information from their official website to confirm the request.

Being careful and sharing less sensitive information can greatly lower your risk of falling victim to these sophisticated social media phishing attacks.

Please take a moment to watch our YouTube video below, where you can learn how Keepnet's Phishing Simulation offers a safe environment to understand and recognize social media phishing tactics.

Understanding and recognizing social media phishing scams is important for protecting your personal and financial information from cybercriminals. Being able to spot these scams ensures you can safely navigate social media and websites, and protect your digital identity. To further enhance your security skills, consider participating in Keepnet's Security Awareness Training.

Schedule your 30-minute demo meeting here, and you'll learn how to:

  • Access over 500 security awareness training courses in more than 30 languages from over 12 leading providers, featuring content on social media phishing.
  • Protect your organization from social media phishing attacks with security awareness training and simulations.
  • Get high-level management reports, including employee awareness of social media phishing attacks and your organization's risk score.

FAQs about Social Media Phishing Scams

How is phishing done in social media?

Phishing on social media typically involves scammers using fake profiles to send direct messages with malicious links or false requests for personal information. They may also post fake ads or run tests designed to trick users into providing sensitive data. Recognizing these tactics is key to protecting your personal information on social platforms.

How is social media used as a phishing tool?

Scammers use social media to trick people by sending messages from fake accounts that ask for personal details or contain harmful links. They also post fake ads and tests to get your sensitive information. It's important to be careful and know these tricks to keep your data safe on social platforms.

How can social media phishing be prevented?

To prevent social media phishing, always verify the source of messages and friend requests before responding or clicking on links. Use strong, unique passwords for each account and enable two-factor authentication for extra security. Regularly update your privacy settings to control who can see your posts and contact you, reducing the risk of falling victim to phishing scams.
