If you’re familiar with the scam known as ‘phishing’, you’ll be aware that email is often the vehicle. Users are tricked into clicking bogus links or revealing confidential personal information. A good spam blocker will usually intercept these messages. But cybercriminals and hackers are clever and relentless, and they’ve found a way around spam blockers. Social media websites are the new risk area.
Spam blockers work so well because they look at the emails you receive and decide whether they’re authentic or not. This can be deduced from the links within the body of the message. A message can be deemed legitimate if the links it contains go to a recognized source – but the ‘safety’ of the message is still not guaranteed, even if no suspicious links are found.
The new focus on social media sites is built upon this weakness in spam blockers, which establish a message’s legitimacy, not whether it’s actually safe. Social media sites become a kind of middleman. The hackers use a social media site to create posts which contain suspicious links and then take advantage of the site’s capacity for posts to be widely shared. Because it’s on a social media website, to most people it seems to be both legitimate and safe.
This isn’t a hypothetical scenario. It’s already happening, and users need to be aware of the threat. A recent documented campaign used Facebook as the means of delivering a phishing scam. The hackers send the target a fake email message telling them that their page has violated Facebook’s terms of service or use. The recipient duly clicks the link, which takes them to a genuine Facebook post with instructions on how to fix the problem. But in this layered scam there’s another trick in store. The post instructs the victim to click on yet another link, and this one is the phishing link. Mission accomplished.
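The gap described above can be shown with a short filter sketch. This is an added example, not code from the original article or from any spam-blocker product: it compares a check that only asks whether each link goes to a recognized domain with one that also notices when that domain hosts user-written posts. The domain lists, function names and sample messages are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed lists; a real filter would draw on a reputation feed.
KNOWN_GOOD = {"facebook.com", "example-bank.test"}
# Recognized sites where anyone can publish a post containing further links.
USER_CONTENT_HOSTS = {"facebook.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def registered_domain(url):
    """Crude last-two-labels domain; sufficient for the sample data below."""
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])

def naive_verdict(body):
    """Weak check: deliver when every link points at a recognized domain."""
    links = URL_RE.findall(body)
    ok = all(registered_domain(u) in KNOWN_GOOD for u in links)
    return "deliver" if ok else "quarantine"

def layered_verdict(body):
    """Same check, but a link to a specific page on a user-content host is
    only a first hop, so the message is held for review, not delivered."""
    verdict = "deliver"
    for url in URL_RE.findall(body):
        domain = registered_domain(url)
        if domain not in KNOWN_GOOD:
            return "quarantine"
        if domain in USER_CONTENT_HOSTS and urlsplit(url).path.strip("/"):
            verdict = "review"
    return verdict

# Constructed sample messages.
NOTICE = ("Your page has violated our terms of service. Follow the steps at "
          "https://www.facebook.com/constructed.page/posts/123 to fix this")
HOMEPAGE = "Log in at https://www.facebook.com/ to see your notifications"
UNKNOWN = "Verify your account at http://login.unrecognized.test/verify now"

if __name__ == "__main__":
    for name, msg in (("notice", NOTICE), ("homepage", HOMEPAGE),
                      ("unknown", UNKNOWN)):
        print(name, naive_verdict(msg), layered_verdict(msg))
```

The first message passes the naive check because its only link is to a recognized site, which is exactly the situation the campaign relies on; the second check holds it for review because the destination is a post anyone could have written.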
What you should take away from reading about this latest scam is that no links in emails from users you don’t know should be trusted and you shouldn’t assume that these emails are either legitimate or safe. Social media websites, support forums and other sites we tend to trust are all used by cybercriminals for phishing scams. Be alert to suspicious links and, if you’re at all concerned, don’t just brush your worries aside. Don’t click the link. Consult a cybersecurity professional, such as the IT experts at Quikteks. Our technicians can review messages and assess their authenticity.
If you don’t have a spam blocker at all, we can help put that right. A unified threat management tool is one solution that offers broad and strong protection, and will protect you from most cyberthreats and online security problems. For more information, call Quikteks at (973) 882-4644.