There are over 270 million active social media users in the United States, which accounts for over 80% of the country’s total population. The US also ranks third in terms of the largest social media audience worldwide.
It’s no surprise then that businesses have increasingly advertised on social media platforms over the years. In fact, social media advertising spending in the US is expected to reach around $80.67 billion by the end of 2022 and $130.50 billion by 2027.
Cybercriminals today are conducting social media phishing scams to take advantage of social media's widespread popularity.
Read also: How prepared are your employees for phishing attacks?
What is social media phishing?
All types of phishing scams involve tricking victims into giving away their personal information, such as login credentials, credit card details, and Social Security numbers. Posing as legitimate individuals or organizations, cybercriminals send messages that typically contain links that take victims to a spoofed website where they are asked to enter their personal information. Cybercriminals then use this information for identity theft or other malicious purposes.
With social media phishing, specifically, cybercriminals typically send phishing messages using the private or direct messaging features of social media platforms like Twitter and Facebook.
Common social media phishing messages include the following:
- The victim is informed that there’s an issue with their social media account, so they need to log in to the linked spoofed site to address the issue.
- The victim is offered an enticing reward if they participate in the linked online quiz or survey. To receive the reward, the victim must provide their personal information.
- For a minimal fee, the victim is promised a specific number of social media followers or likes. The victim is asked to share their login credentials and credit card details to avail the offer.
What are the dangers of social media phishing?
Social media phishing can wreak havoc on individuals and business alike in many ways, including the following:
Identity theft and fraudulent transactions
Cybercriminals can use social media phishing to steal people's personal data. Using this data, cybercriminals can open new accounts, file for tax refunds, or take out loans in their victim’s name. They can also make unauthorized purchases or withdraw money from their victim’s bank account. They can also drain a business's funds if they manage to steal the information of the person handling the business's finances.
In other cases, cybercriminals use phishing scams to take over their victim's social media account. They can then use that account to launch more phishing attacks against the victim's online contacts. So if the victim uses their social media account for business, cybercriminals can also go after the company’s online followers, customers, suppliers, and other business contacts.
Loss of confidential data and customer confidence
Some individuals and businesses store and share sensitive information, such as login credentials and customer records, on social media platforms. If a cybercriminal gains access to this information as a result of a social media phishing attack, they can sell it on the dark web or use it for blackmail.
If that attack ends up affecting your customers, they may lose trust in your company and take their business elsewhere.
Penalties and lawsuits
Your company may get sued and penalized if a social media phishing scam leads to the exposure of any data that is covered by data protection regulations.
How can you protect your company from social media phishing?
The best place to start is by teaching yourself and your employees how to spot a social media phishing message. Here are some of its common telltale signs:
- Comes from an unknown sender or someone you haven't talked to in a while
- Has grammar or spelling errors
- Creates a sense of urgency
- Contains suspicious links leading to sites that ask for personal information
If you or your employees receive a message that exhibits any of these signs, do not respond to it or click on any links it may have. Delete the message and block the sender to prevent them from sending more messages.
Moreover, you should also implement company policies on social media usage, such as:
- Only certain employees can access the company’s social media accounts and pages.
- Employees may use only company-approved devices for work-related social media activity.
- Employees cannot share sensitive information, such as login credentials, on social media platforms.
Safeguard your business from social media phishing attacks and other cyberthreats by partnering with Founders Technology Group. Schedule your FREE IT consultation with our IT security experts today.