Most people around the world use social media to stay connected with loved ones, follow brands, and keep up with trends. However, while users scroll, cybercriminals are also busy, always looking for their next target.
There has been an increase in scams using social engineering and phishing techniques on social media and messaging apps to steal credentials and distribute malware.
Seifallah Jedidi, head of Consumer Channel for Meta at Kaspersky, said that cybercriminals are increasingly exploiting platforms such as WhatsApp, Facebook, Instagram, TikTok, and X (formerly Twitter) to create fake pages that mimic legitimate websites.
He added that they have identified multiple fraudulent campaigns employing sophisticated tactics and widely recognised platforms to execute their attacks.
“These scams operate in a variety of ways, but they all have a common goal: to obtain users’ credentials or install malicious software on their devices.”
There has been an increase in fake verification pages, which lead individuals to websites that resemble the official interfaces of WhatsApp and other apps. These fraudulent pages ask users to provide their phone number and the verification code received via SMS.
“With this information, cyberattackers could access accounts, take full control, and perform actions such as impersonating them, sending messages in the victim’s name, or accessing confidential information.”
At a time when social media users are fixated on follower counts, cybercriminals often promise free followers to boost users’ digital popularity, typically on platforms such as Instagram.
However, to claim the offer, users have to voluntarily enter their login credentials on one of these fraudulent pages.
Jedidi said this strategy allows cyberattackers to take control of accounts, use them to spread further scams, or even sell them on dark markets.
Fake shops on TikTok
He added that there has been an increase in fake shops on TikTok.
“This social network has also been the target of targeted attacks, especially through its TikTok Shop feature, which allows sellers to directly associate products with posted videos, making them easier to purchase.”
Taking advantage of this functionality, cybercriminals create fake sites that pose as part of TikTok Shop, with the aim of stealing sellers’ credentials.
There has been an increase in fake security notifications, whereby cybercriminals send alerts pretending to be from the security teams of Facebook and similar platforms, warning users of suspicious activity on their accounts.
“Through these notifications, they directed victims to phishing forms requesting their credentials. Once entered, the attackers could take control of personal profiles or manage pages, using them for scams, spreading malicious content, or extortion.”
Jedidi said the real risks associated with using social media include exposure of personal data, loss of control over accounts, dissemination of false information, and threats to privacy.
“Despite the increase in these types of threats, users are not defenceless. With increased awareness, good cybersecurity practices, and the use of reliable protection tools, it is possible to significantly reduce the risk of falling victim to these scams.”
He emphasises the importance of maintaining cybersecurity awareness, developing critical thinking skills, and utilising robust cybersecurity solutions when using social media.
Tips to reduce risks
- Do not click on suspicious links, especially those promising unbelievable offers, benefits, or services. These often lead to phishing sites where sensitive information such as passwords or banking details is stolen. Always verify the authenticity of the sender and the content before clicking.
- Be careful what you share: Information like pet names, important dates, or locations can be used by cyberattackers to guess passwords or design personalised attacks. Avoid sharing travel plans, financial details, or overly personal information.
- Use strong passwords and two-factor authentication: Choose unique and complex passwords for each social network, combining capital letters, numbers, and symbols. Additionally, consider activating an extra security option that many platforms offer: after entering your password, you will receive a code via phone or email to confirm it’s you. This way, even if someone figures out your password, they will not be able to log in.
- Review your privacy settings: Platforms regularly update their policies and security options. Check who can see your content, tag you, or access your profile. Also, review and revoke permissions for third-party apps you no longer use.