Because humanity is terrible, pretty much as soon as someone invents a new form of communication, some other jerk figures out a way to use it to steal things. And then another way, and another, and another.
That’s the message (somewhat editorialized by yours truly) of Proofpoint’s latest “Threat Summary and Year in Review” report, which shows that the number of “phishing” attacks on social media sites increased 500% from 2015 to 2016.
In the last quarter alone, the number of fraudulent social media accounts doubled, including those associated with phishing as well as social spam and malware distribution. The volume of spam sent across Facebook and Twitter increased 20% from the third to fourth quarter.
Broadly defined, “phishing” refers to any form of fraudulent electronic communication, including email or social media messages, which is intended to trick the recipient into handing over private or sensitive information like passwords, credit card numbers, or social security numbers.
In addition to a number of known techniques, Proofpoint highlighted the rapid spread of a new type of social media phishing, called “angler phishing.”
This includes “attacks that involve fake customer-support accounts that trick people seeking help into handing over their login credentials and other information.”
Proofpoint also noted an uptick in malicious social media activity associated with major events and trends.
For example, in the fourth quarter, a large number of fraudulent social media accounts lured victims with links supposedly allowing them to download “Super Mario Run,” which actually led to malware or other undesirable content.
Another interesting technique involves a new “doxware” program called “Ransoc,” which monitors the users’ Skype and other social media profiles looking for potentially unflattering or illegal activity, such as sharing pirated content, and then delivers messages threatening legal action unless the victim pays a ransom.