Security News > 2022 > March > Social media phishing attacks are at an all time high
The targeting of social media is the highlighted finding in the 2021 Phishing report by cybersecurity firm Vade, who analyzed phishing attack patterns that unfolded throughout 2021.
Phishing actors focused on Facebook and other social media platforms because taking over social media accounts is commonly a stepping stone to reach a wider audience or perform highly effective spear-phishing attacks.
In the first scenario, phishing actors can post links to malware-dropping or phishing sites that their followers, who trust them, are more likely to click on, thus generating traffic towards malicious sites.
As Vade comments, the phishing actors are particularly interested in well-known brands and typically target them during periods of high recognition.
"Vade detected a sophisticated Microsoft phishing attack in which corporate logos and background images were automatically rendered onto Microsoft 365 phishing pages," details the report.
In Microsoft's case, Vade saw a gradual rise in the number of phishing emails as the week progressed, possibly attempting to leverage accumulating tiredness that leads to carelessness and phishing link clicks.
News URL
Related news
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)