A friend commented on your post or shared your picture and you see a notification from your app or an email arrives. You're excited to see who's interested in your content, so you click the link in the notification or email and bam! You download malware to your device. That's how quick it can happen. Just like in emails, the scammers entice you with something intriguing then direct you to click on their trap; and social media is no different. The only difference is the general public is less trained to watch for scams on social media than they are in noticing spam emails.
A common scam with Facebook® is posting a catchy image that looks like a video with the play button. When the viewer thinks they are clicking the play button, they are taken to another site that looks just like the social media's login page, with the same logos, color schemes, and content. The user then assumes they need to login again - when they're really giving their login credentials to the scammer! To take it a step further, the video shows up again after the user "logs in." After the user tries to view it again, they are asked to download the video. Yep, you guessed it! It's not a video that is being downloaded, rather, it's malware or adware, or both.
If phishing spam isn’t coming fast and furiously enough for you, developers from security firms have created an automated spear phishing tool that snagged Twitter® victims up to 60% of the time - which is far more than the measly 15% that hooks regular Twitter phishing victims. The testing for this new automated tool focused on Twitter users who represent high value, such as those with a lot of followers or retweets. This helped keep the phishing attack out of the line of site of the Twitter defenses. Fortunately, the creators of this tool are the good guys. However, it’s only a matter of time before the bad guys figure this out, too.
The use of trademarks is not intended to endorse any company, product or service. Trademarks are the property of their registered owners.