A massive rise in phishing via social networks is worrying

Feb 9, 2017 12:23 GMT

Throughout 2016, social media phishing attacks climbed 500%, new Proofpoint research reveals. The data includes cases of angler phishing, where attackers intercept customer support channels on social media in an attempt to steal people’s credentials. This proved most common among financial services accounts, but also affected entertainment accounts.

According to Proofpoint’s Quarterly Threat Summary for the last quarter of 2016, there has also been an increase in fraudulent accounts across social channels. In fact, they doubled from the third to the fourth quarter. The risk these accounts pose is quite high, as they can be used for phishing, social spam, malware distribution, and so on.

“To that end, Proofpoint researchers observed a 20% increase in spam content across Facebook and Twitter quarter over quarter,” the report reads.

Furthermore, legitimate Twitter support accounts are now sending more private messages than ever, with a 25% increase in the year’s last quarter compared to the previous period. As these support accounts send more messages and customers become accustomed to interacting with brands via DMs, angler phishing becomes easier.

Hot topics, risky topics

One thing attackers were attracted to was, understandably, hot topics. For instance, there was a high number of fraudulent “Super Mario Run” pages that appeared in Q4, before and after the launch of the mobile game. Pokemon Go was also quite an attraction. Many pages featured download links that led either to malware or surveys.

Another key finding in the report was that there were about 4500 mobile apps associated with the Summer Olympics, including sponsor brands, which were risky or downright malicious.

The rise of ransomware

It should also be mentioned that ransomware is now more widespread than ever. In fact, the number of new ransomware variants grew by 30 times in the last quarter of 2016 compared to the previous year. Locky was responsible for most of the attacks, delivered via the largest spam campaigns observed so far. While some pauses in the campaigns were noticed around holidays, the volumes remained high.

Locky payloads were delivered via attached JavaScript or zipped JavaScript, but also via Microsoft Word and Excel documents featuring malicious macros, and via URLs linking to zipped JavaScript files or zipped VBScript files.