Malwarebytes Labs, a cybersecurity research platform, has found two such phishing schemes in the past week. Both targeted social media platforms, namely Twitter and Discord.
The Twitter phishing scam used Direct Messages (DMs) to trick users into handing over their login information. The attackers first accused the user of breaking the terms of service and using hate speech. They then asked the user to authenticate their account to stop it from being suspended. A user who follows along is redirected to a fake help center that asks for login credentials.
The Discord phishing campaign messages users from a friend's or a stranger's account, accusing them of breaking a server rule such as sending explicit images. The message contains a link to the server, and the user is required to log in by scanning a QR code. According to Malwarebytes, a user who does this hands their account over to the scammers.
Patrick Harr, CEO of SlashNext, warns users that these phishing attacks are much smarter than traditional phishing scams. They use fear to make the victim act before they stop to wonder whether the message is suspicious, which makes them among the most dangerous of all social engineering scams.
Harr adds that the scammers motivate Discord and Twitter users by threatening their business, status, or personal profile. This is what makes the scams so effective.
The main goal is to manipulate the victim through psychological pressure and steal their bank account details or other personal data. More importantly, access to an employee's social media account can expose information about the whole enterprise and lead to large-scale leaks.
James McQuiggan, a security awareness advocate at KnowBe4, says that phishing scams often play on users' emotions and create a sense of urgency; in a hurry, users make the wrong decisions. For example, in email phishing scams that rely on fear and urgency, users don't bother checking the sender or the link beforehand, which leaves them susceptible to the attack.
The same holds for the Twitter and Discord scams seen last week. They threatened users with the possibility of their accounts being suspended or banned, prompting the user to click the link and open a fake website that looks exactly like the platform's official login page.
Pressuring victims into acting quickly and surrendering their information before they notice anything suspicious appears to be the core strategy of these phishing scams. In the Twitter case, a user would be taken aback by the prospect of their account being suspended for hate speech, and that shock keeps them from noticing any red flags.
Phishing attacks are extremely dangerous to remote workers especially as they don’t have any interactions with their peers in person. This makes them highly reliant on social media platforms and digital workspaces.
Cybercriminals can easily look up where a specific user works and in what role via Twitter or LinkedIn, and then tailor their scams accordingly.
Patrick Harr says that to counter these scams in online workspaces and among remote workers, organizations should provide social engineering awareness training alongside additional technical security measures.
Organizations should also implement mobile phishing protection for all personal and enterprise accounts.
Lastly, the fact of the matter is that phishing scams will never die down; instead they will only get better, helped along by deepfake technology. But such is the case with any new invention: it has both good and bad sides.