There are plenty of ways cybercriminals steal your details. One of the most common methods is directing you to a fake website through text messages or phishing emails.
While the phishing email’s wording can differ, scammers regularly use legitimate brands to lure you in. By spoofing an email from a social media platform or service provider, they hope that you won’t notice minor differences from the real thing. Tap or click here for subtle clues that email is a clever phishing scam.
And when you do land on the fake website, the scammers naturally want to capture your details. If you don’t recognize it’s a scam, it can spell disaster. Keep reading to find out how scammers use social media to find new victims and ways to stay protected.
Here’s the backstory
Several brands are the go-to names that scammers use in phishing campaigns. These include platforms where you need to sign in or supply your details to proceed. Credit card information is naturally a big score for scammers, but social media information is more valuable. That’s hard to believe but true.
Through a report by Checkpoint Research, the list of top spoofed brands cemented the notion that social media is a top priority for scammers. Running phishing numbers for July, August and September this year, Checkpoint found Microsoft was the leading imitated brand. Here are the top 10 spoofed brands:
- Microsoft (related to 29% of all phishing attacks globally)
- Amazon (13%)
- DHL (9%)
- Best Buy (8%)
- Google (6%)
- WhatsApp (3%)
- Netflix (2.6%)
- LinkedIn (2.5%)
- PayPal (2.3%)
- Facebook (2.2%)
This is the first time that social media platforms Facebook, WhatsApp, and LinkedIn cracked the Top 10 list. This indicates that abuse of social media is on the rise.
In the case of LinkedIn, scammers are after your login details and account information. Checkpoint detailed how a phishing email was sent from linkedin@connect[.]com with the subject “You have a new Linkedln business invitation from *****.”
The link in the email directs to a fraudulent LinkedIn website where scammers expect you to enter your details. If you do, scammers can capture it and hijack your account.
Ways to protect against phishing attacks
The best defense against phishing emails is to be cautious whenever you receive an email from an unknown sender. Here are some phishing preventative measures:
- Avoid downloading attachments unless you’re 100% sure of what they are, why they were sent and who sent them. If an email with an attachment arrives from a trusted contact, make sure they actually sent it by calling or messaging them. Their account may be part of a botnet, for all you know.
- Always check the sender field for a genuine email domain. If the domain doesn’t match the official website of the “sender,” it’s a fake.
- Don’t click links in emails you’re unsure about. Just like with attachments, verify with the sender that they actually sent it and that they know where it goes.
- Check the URL of any site you visit to make sure it accurately matches any official websites. It’s not just emails that masquerade as different entities.
- If an email asks for personally identifying information or login credentials, just ignore it.