5 Ways To Combat Social Media Phishing Attacks

Phishing is the number one method of attack delivery for everything from ransomware to credential theft. We typically associate phishing with email, but other types of phishing have been growing rapidly. In recent years, phishing over social media has skyrocketed by 500%. There has also been a 100% increase in fraudulent social media accounts.

Phishing over social media often tricks victims because people tend to let their guard down on social platforms like Facebook, Instagram, Twitter, and LinkedIn. They’re socialising and not looking out for phishing scams. Here are 5 ways you can alter your social media use to better avoid these sorts of covert attacks.

1. Make your profile private on social platforms

Phishing scammers love public profiles on social media because not only can they gather intel on you to strike up a conversation, but they can also clone your profile and put up a fake page for phishing your connections. Criminals do this in order to try to connect with those on your friends or connections list to send social phishing links that those targets will be more likely to click because they believe it’s from someone they know.

You can limit your risk by going into your profile and making it private to your connections only. This means that only someone that you’ve connected with can see your posts and images, not the general public. For sites like LinkedIn where many people network for business, you might still want to keep your profile public, but you can follow the other tips below to reduce your risk.

2. Hide your contacts/friends list

You can keep social phishing scammers from trying to use your social media profile to get to your connections by hiding your friends or connections list. Platforms like LinkedIn and Facebook both give you this privacy option. 

Just be aware that this does not keep scammers from seeing you as a friend or connection on someone else’s profile unless they too have hidden their friends list.

3. Be wary of links sent via direct message & in posts

Links are the preferred way to deliver phishing attacks, especially over social media. Links in social posts are often shortened, making it difficult for someone to know where they are being directed until they get there. This makes it even more dangerous to click links you see on a social media platform.

A scammer might chat to you on LinkedIn to inquire about your business offerings and give you a link that they say is to their website. Unless you know the source to be legitimate, do not click links sent via direct message or in social media posts. They could be leading to a phishing site that does a drive-by download of malware onto your device. Even if one of your connections shares a link, be sure to research where it is coming from. People often share posts in their own feeds because they like a meme or picture on the post, but they never take the time to check whether the source can be trusted.
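One way to see where a shortened link leads before opening it in a browser is to follow its redirects one hop at a time with HEAD requests, which return only headers and never download or render the page. The sketch below is an added example, not part of the original article; the function names are hypothetical and the `example` hosts are constructed sample data.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def http_head(url):
    """Send one HEAD request; return (status, Location header or None)."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=5)
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def expand(url, head=http_head, max_hops=5):
    """Follow redirects hop by hop and return every URL in the chain."""
    chain = [url]
    for _ in range(max_hops):
        status, location = head(chain[-1])
        if status not in REDIRECTS or not location:
            return chain
        # Location may be relative, so resolve it against the current hop
        chain.append(urljoin(chain[-1], location))
    raise RuntimeError("more than %d redirects, treat the link as suspicious" % max_hops)

def crosses_domain(chain):
    """True when the final host differs from the host the link displayed."""
    return urlsplit(chain[0]).hostname != urlsplit(chain[-1]).hostname

# Constructed sample responses (placeholder hosts, not real shorteners)
SAMPLE = {
    "https://short.example/x7Qp": (301, "https://tracker.example/r?src=dm"),
    "https://tracker.example/r?src=dm": (302, "/landing"),
    "https://tracker.example/landing": (200, None),
    "https://short.example/loop": (302, "https://short.example/loop"),
}

def sample_head(url):
    """Offline stand-in for http_head that answers from SAMPLE."""
    return SAMPLE[url]

if __name__ == "__main__":
    chain = expand("https://short.example/x7Qp", head=sample_head)
    print("\n -> ".join(chain))
    print("leaves original domain:", crosses_domain(chain))
```

Calling `expand(url)` without the `head` argument uses real HEAD requests, so each hop, including the final destination, still sees a connection from your IP address.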

4. Be mindful of social media surveys and quizzes

While it may be fun to know what Marvel superhero or Disney princess you are, be mindful of quizzes on social media. They’re sometimes designed as a ploy to gather data on you, data that could be used for targeted phishing attacks or identity theft. The Cambridge Analytica scandal that impacted the personal data of millions of Facebook users is a good example. It was found that the company was using surveys and quizzes to collect information on users without their consent.

While this case was high-profile, Cambridge Analytica is by no means the only company that plays fast and loose with user data, taking advantage of social media to gather as much as it can. Be aware of the risks involved with some quizzes, and remember that once your personal data is out there, there is no getting it back.

5. Research before you accept a friend request

It can be exciting to get a connection request on a social media platform. It could mean a new business connection or connecting with someone from your past. However, this can be another method that phishing scammers will use to take advantage of you. Attempting to connect with you on social media can be a first step before they reach out directly via DM.

The best practice is to not accept a friend request without first checking out the person on the site and online using a search engine. Do they look genuine? If you see that their timeline only has pictures of themselves and no posts, for example, that’s a big red flag and you should probably decline the request.

