Social Media Phishing Rose 500%

Summer Olympics, Through the 2016, the social media phishing attacks have increased by 500%, reveals a new Proofpoint research. This data includes cases of angler phishing, where the attackers intercept the customer support channels on social media during their attempt to steal the victim’s credentials, which proved to be the very common in financial services, but also in entertainment accounts.

According to the Quarterly Threat Summary of Proofpoint, the last trimester of 2016, has also been an increase in the fraudulent accounts across the social channels. In fact, they have doubled from third to the fourth quarter. The risk that these accounts pose is high as they can be easily used for social spam, phishing, malware distribution, and so on.

“In that end, the researchers at Proofpoint observed a 20% increase in spam content across Facebook and Twitter quarter over quarter,” the report reads.

Furthermore, legitimate Twitter support accounts are now sending more private messages than ever, with a 25% increase in the year’s last quarter, compared to the previous period. But while these support accounts are now sending more messages and customers become accustomed to interacting with brands via DMs, angler phishing becomes easier.

One thing attackers were attracted to was, understandably, hot topics. For instance, there was a high number of fraudulent “Super Mario Run” pages that appeared in Q4, before and after the launch of the mobile game. Pokemon Go was also quite an attraction. Many pages featured download links that led either to malware or surveys.

Another main finding in the report was that there are about 4500 mobile apps associated with the including sponsor brands, Summer Olympics, which were risky or downright malicious.

Locky payloads were delivered via attached JavaScript or zipped JavaScript, but it was also attached to Microsoft Word and Excel documents featuring malicious macros, URLs linking to zipped JavaScript files or zipped VBScript files.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Glove Stealer Emerges A New Malware Threat For Browsers

ANY.RUN Discovers Tricky Phishing Attack Using Fake CAPTCHA