Phishing is not a new concept; it’s been around since the dawn of email. For the most part, phishing attempts were fairly easy to spot because they were often unsolicited messages sent to you by total strangers.
That was then and this is now. The new breed of phishers is hooked into social media and uses it for sophisticated “Spear Phishing” (targeted phishing) attempts.
HERE ARE SOME OF THE NEW TACTICS USED BY SOCIAL MEDIA PHISHERS:
Phishers use bogus profiles to gain entry into your social circles
The main tool a phisher uses in a social media-based phishing attack is a fake profile. Phishers will likely create phony profiles using pictures they've stolen from other profiles that they've found online.
They will typically choose attractive people and they will usually tailor their profiles using fake demographic information based on that of their intended victim.
If their intended victim is in their 30s, they will make sure that they set their age to something close or an age that the victim might find appealing. They may also make their location close to the victim and even say they went to the same high school or one nearby to make the profile seem more convincing.
Phishers leverage your friends to build credibility
A big red flag that will hopefully tip you off to a fake profile is a friends list that isn't very extensive. The average person who has been on social media for several years has several hundred friends.
Phishers will likely have far fewer friends than normal people because it usually takes a while to gain friends naturally. It's also not easy to just go get a bunch of friends for use on a fake profile, because most normal people are skeptical of strangers wanting to be their friends, especially ones who don't already have a large friends list.
Experienced phishers are going to look at your friends list and try to befriend some of them before they friend you (their target), because they know you're more likely to trust someone that you have friends in common with.
Phishers use your likes and interests to help build a rapport
Phishers will also try to worm their way into your good graces by playing off of your likes and interests. Many people allow their likes to be publicly viewable, making them ripe for the picking.
A phisher may try to strike up a conversation about something in your likes list, or they may message you with a link to something you're interested in. The link they send may look like something you would be interested in, but in reality it is just bait to get you to visit a phishing website where they can harvest your personal information.
HERE ARE SOME TIPS FOR PHISH-PROOFING YOUR SOCIAL MEDIA PROFILE:
Keep as little of your profile set to 'public' as possible
The less information phishers can see in search results, the better off you'll be. Phishers are more likely to go after people who have a lot of publicly shared posts, likes, and other bits of information they can use to help them in their phishing attempts. You should also consider hiding your likes.
Hide your friends list
You may also want to change your privacy settings so that members of the public can't see your friends list. This will help prevent phishers from trying to friend your friends as mentioned above. It will also make it harder for them to determine relationships such as who your family members are, etc.