Social Media Phishing Rose 500% in 2016 Q4

February 9, 2017

Social media phishing attacks climbed 500% throughout 2016, new Proofpoint research reveals. The data includes cases of angler phishing, where attackers intercept customer support channels on social media in an attempt to steal people’s credentials. This proved to be most common among financial services, but also entertainment accounts.

According to Proofpoint’s Quarterly Threat Summary for the last quarter of 2016, there has also been an increase in fraudulent accounts across social channels. In fact, they doubled from the third to the fourth quarter. The risk these accounts pose is quite high, as they can be used for phishing, social spam, malware distribution and so on.

“To that end, Proofpoint researchers observed a 20% increase in spam content across Facebook and Twitter quarter over quarter,” the report reads.

Furthermore, legitimate Twitter support accounts are now sending more private messages than ever, with a 25% increase in the year’s last quarter compared to the previous period. But as these support accounts send more messages and customers become accustomed to interacting with brands via DMs, angler phishing becomes easier.

Hot topics, risky topics

One thing attackers were attracted to was, understandably, hot topics. For instance, a high number of fraudulent “Super Mario Run” pages appeared in Q4, before and after the launch of the mobile game. Pokemon Go was also quite an attraction. Many pages featured download links that led either to malware or to surveys.

Another key finding in the report was that there were about 4500 mobile apps associated with the Summer Olympics, including sponsor brands, which were risky or downright malicious.

The rise of ransomware

It should also be mentioned that ransomware is now more widespread than ever. In fact, the number of new ransomware variants grew 30 times over in the last quarter of 2016 compared to the previous year. Locky was responsible for most of the attacks, getting delivered via the largest spam campaigns observed so far. While some pauses in the campaign were noticed around holidays, the volumes remained high.
