Social Media Phishing Soars

Posted by Lori Salley Ring

Jun 6, 2017 8:30:00 AM

Employee training is key to any business's defense against cyberattacks. According to PhishMe, an estimated 91% of cyberattacks start with a phishing email -- an attempt to secure personal or sensitive information by posing as a legitimate actor. It makes sense then that many businesses focus cybersecurity training on recognition of email phishing scams. However, recent studies show that cybercriminals are increasingly turning to social media to bait their prey. In 2016, social media phishing increased by an estimated 500%, and victims are more likely to fall for these scams. Cybersecurity training needs to adapt to this fast-growing form of attack.

A recent article in the New York Times describes a breach at the Pentagon that can be traced back to the wife of an employee who clicked on a link in a social media post. She was discussing summer vacation plans with friends online when a post about deals on summer travel appeared in her social media feed. She clicked on the malicious link. Once the criminals had access to the wife's device, they were able to access her husband's computer through their shared home network.

Information posted on social media or anywhere online gives cyberthieves clues that help them craft effective phishing campaigns. Consider if a criminal knows where you vacation, who your boss is, which restaurants you frequent, or what sports teams you follow -- if an email or social media post pops up related to those interests, you're more likely to click.

Since people feel that they are among friends on their social media accounts, they are more trusting and thus more likely to fall victim to fraud. While an estimated 30% of spear phishing emails are opened, 66% of victims will click if the spear phishing message is sent through social media. Like a spoofed email address, posts may appear to come from known sources, but are in reality imitations. The growth of fraudulent social media accounts on Facebook and Twitter increased 100% in the last quarter of 2016, according to Proofpoint.

A favored tactic of cybercriminals is posing as a customer service representative of a large brand seeking to solve a problem after a consumer uses social media to reach out to the company. This scam has been labeled "angler phishing." The realistic-looking accounts and websites trick customers into revealing all sorts of sensitive information and passwords. A 2015 study estimated that almost 20% of social media accounts supposedly owned by big brands were fake.

For businesses looking to protect their networks and data, it's important to ensure that employees are aware of the evolving tactics of cybercriminals and educated on the risks of over-sharing and over-trusting online. 



Topics: cybersecurity, cyberthreats, social media


FocusData: TECHPol is a blog on technology and business policy issues affecting small and mid-sized companies.  TECHPol’s primary author, Lori Salley Ring, spent 20-plus years working on Capitol Hill, including as the top staffer on the House Committee on Small Business.  FDS is an IT consulting firm providing managed services, office tech relocation, network security, and IT support for businesses in the Washington, DC and Northern Virginia area.


About the Author

Lori Salley Ring


Lori serves as Policy Advisor and Communications Specialist for Focus Data Solutions.  Lori spent more than 20 years working for the U.S. Congress, including as Chief of Staff to a member of the House leadership and as the Staff Director for the Committee on Small Business.  Lori also ran a Washington-based non-profit organization between stints working for the Federal government. 
