With more people now using social media other than email phishing attacks through social networks such as Facebook, twitter and Instagram are now on the rise. These posts are especially difficult to judge as they may have been shared or liked many times, making it appear popular or genuine due to the popularity of the post.
In this guide we will look at an example of how a phishing attack is executed through a Facebook post. We will also look at what could happen to our data if the attack is successful and how we could have prevented this. More detailed information regarding phishing can be found on my other post titled “How Do I Overcome Phishing Attacks?”
You are scrolling through your news feed and you see an advertisement post for a free Dyson vacuum for the first 3,000 customers. You see that the post has already got several 100’s of likes and comments so you go ahead and click on the post. The post redirects you to a form which you promptly fill so that you can be one 3,000 customers.
The form asks for your details including your name, address, billing details. You then click next and it asks you for your card details. The card details are for the $2.99 shipping charge of the product so you go ahead and enter your card details and complete the order.
What is actually happening?
The scammer placed a Facebook advertisement for a free Vacuum to entice you to click it and claim the free gift. The scammer paid for Facebook promotion to get a 100’s of likes and comments for a few dollars. Seeing the number of likes made you not think twice before clicking on the link. The scammer is now in control as you are now in a hurry to finish the form you will not pay attention to what website you are on. The scammer then added delivery charge with a genuine reason for it in the last step to get your card details.
These social network advertisements are very powerful in luring customers to click on their link. Various posts will have various offers such as free products, services or other items of value to people. These posts can be used for collecting any type of data or to infect your computer with a virus.
What will they do with my data?
Your details could be sold on the dark web, it can be used for identity theft or it can be used to make purchases before you find out and get the card blocked. Most of the times the data will quickly be used to source login credentials to other sites that you use. Some hackers may even hold your data at ransom.