Casting Light on Ongoing Social Media Attack Trends

Ongoing cybercrime trends on Facebook

• Phishlabs noted that threat actors are impersonating executives of well-known brands on Facebook for the purpose of stealing credentials and damaging the companies’ reputation.
• Another Facebook phishing scam that is making the rounds on the Internet, involves tricking users into believing that they have been spotted in an x-rated video shared on Facebook Messenger. This malicious and fake video is actually used to compromise unsuspecting users’ accounts by redirecting them to a fake Facebook login page.
• Attackers are also impersonating Facebook’s automated notification to warn users. These emails claim to unpublish a user’s page as Facebook has received a number of complaints. In case of error, the user is appealed to provide correct information on a link given in the email. 

Even Twitter, LinkedIn, and Instagram are misused

• Executive impersonation attack is popular across Twitter, LinkedIn, and Instagram to promote a fake giveaway scam or contest.
• Phishlabs reported that scammers are using LinkedIn to impersonate a high-rank executive to conduct fake job recruitments or offer individuals fake goods and services.
• In this attempt, threat actors send private messages to targets from the impersonated accounts and ask for Personally Identifiable Information (PII) or money.
• ESET researchers uncovered a cyberespionage campaign named ‘Operation In(ter)ception’ that leveraged the LinkedIn platform to conduct BEC attacks against European Aerospace and military companies in Europe and the Middle East.
• Attackers are misusing Twitter and Instagram to create a sense of urgency among users by claiming that their accounts will be suspended for violating rules. They are leveraging social engineering techniques, along with phishing emails, to redirect unsuspecting users to fake login pages of these social networks.

What else?

• Apart from conducting scams and pilfering sensitive data, social media platforms have become the latest channels to leak and sell compromised data.
• Depending on the nature of the available stolen data, individuals can find their ways to conduct identity theft, blackmail victims, or make fraudulent purchases.

What should users be aware of?

• Always be careful when receiving email seemingly coming from official sources and never open attachments coming from unknown sources.
• It is important to know that social media websites never typically issue any email, threatening to suspend or terminate their services. Any such unsolicited emails must be treated with extreme caution.