Story image

Social media phishing on the rise as attackers experiment with tactics

05 Mar 2018

Social media has eclipsed financial institutions for the most popular targets for phishing attacks, suggesting a pivot in tactics away from traditional cloud service providers.

In this context, phishing is characterised as the ways cybercriminals innovate to trick users into handing over personal information, financial information and user account details..

RiskIQ’s Q4 2017 statistics looked at 27.285 blacklisted phishing domains that targeted 259 unique brands.

While the number is lower than in the previous quarter, the firm saw a ‘stark’ increase in phishing campaigns leveraging social media platforms.

Why are attackers going after social media? RiskIQ says there are several reasons why this may be the case.

“For one, the growth in popularity of financial integrations within social media platforms that, for example, give users the ability to send and receive money, can make for an easy payday. There’s also the possibility of using sensitive information from posts, messages, and profiles that can be used as lures in social engineering attacks.”

While social media platforms are becoming a popular target, financial institutions still make up the majority of phished brands. 40% of brands are financial institutions; 20% are social media platforms; 20% are large tech companies; and 20% are digital transaction providers.

In Q3 2017, only 10% of phishing attacks leveraged social media platforms.

RiskIQ will not name the brands used as part of the phishing attacks, but does name some of the registrars and hosting providers that are helping to cause trouble.

“There are two types of phishing sites: those that use compromised websites and those that use malicious registrations,” RiskIQ notes in its Q3 report.

Behind the scenes, data suggests that there are a handful of domain registrars behind the scenes, including the likes of Hostinger, GoDaddy and eNom. These have apparently become ‘tried and true’ tools for phishers.

Meanwhile hosting providers responsible for propagating phishing attacks are a little more difficult to pin down: Hostinger and CyrusOne featured heavily in Q4 data for blacklisted URLs by hosting provider, however only one of the culprits appeared in Q3 data.

The company notes that phishing tends to happen in a cyclical pattern. This contributed to a slight overall drop in detections.

“The number of observed domains and targeted brands remained relatively close each quarter, but the number of unique URLs varied widely,” RiskIQ explains.

“Financial institution targets showed a general decline while social media targets showed a general increase, especially over the last quarter. Q4 was also the first quarter observed where the top targeted brand was a social media platform. While this is not a new phenomenon by any means, our data has never displayed its presence as prominently as Q4 of 2017,” the company concludes.

Ping Identity offerings accelerates cloud MFA and SSO adoption
90% of respondents trust MFA as an effective security control to protect identity data in public clouds, yet only 60% of organisations have formally adopted it.
Trend Micro introduces cloud and container workload security offering
Container security capabilities added to Trend Micro Deep Security have elevated protection across the DevOps lifecycle and runtime stack.
Veeam joins the ranks of $1bil-revenue software companies
It’s also marked a milestone of 350,000 customers and outlined how it will begin the next stage of its growth.
Veeam enables secondary storage solutions with technology partner program
Veeam has worked with its strategic technology alliance partners to provide flexible deployment options for customers that have continually led to tighter levels of integration.
Veeam Availability Orchestrator update aims to democratise DR
The ability to automatically test, document and reliably recover entire sites, as well as individual workloads from backups in a completely orchestrated way lowers the total cost of ownership (TCO) of DR.
Nuix eyes legal sector as eDiscovery demand skyrockets
eDiscovery must encompass so much more than email and documents. If you haven’t looked at text messages and online chats, digital images, mobile devices, data in the cloud and social media, you’re not getting the whole story.
EXCLUSIVE: Forcepoint global channel chief talks strategy
As a solution sold 100% via the channel, cybersecurity solutions company Forcepoint places a strong emphasis on its partner relationships.
Salesforce continues to stumble after critical outage
“To all of our Salesforce customers, please be aware that we are experiencing a major issue with our service and apologise for the impact it is having on you."