On a daily basis, around 42% of the global population, or 3.2 billion people, uses some form of social media. Of that number, people spend a daily average of 2.2 hours on these networks, too. These two numbers are exactly why threat actors continue to flock to social media to abuse them for phishing purposes; however, there is far more to this story. Phishing threats extend well beyond Twitter, Telegram, Snapchat, and the other big networks.
Phishing is defined as social engineering using digital methods for malicious purposes. When it comes to social media, there is far more involved than just the most popular sites.
Blogs, forums, drop sites, video platforms, gripe sites, and other sites that make it easy to connect with other people and communicate with them are all part of the vast social media landscape, and each is abused by threat actors for phishing attacks.
Combine this with the adoption of mobile, where around 91% of social traffic derives from, and you have a mix of user trust, small screens for URL stuffing, and even easy integration with wire transfer apps or sending gift cards. If this sounds a bit like the perfect storm, you are now thinking like a threat actor, and have a better understanding of why they are increasingly abusing social media for phishing attacks.
The Expanding Social Media Phishing Landscape
As users around the world adopt new technology and platforms, threat actors will often follow in their footsteps. These are just a few examples that are now part of the expanding social media landscape.
Even in the earliest days of the web, forums were one of the most widely used social media platforms. Today, one of the largest websites in the world, Reddit, is considered a community or collective of forums. Though they occasionally ban their own versions of dark web marketplaces that are host to selling drugs, stolen credentials, and other illicit items, there are countless forums on the web that continue on. This goes for both sites that are found through a simple search or even hidden behind a login screen.
Although your favorite blog (this one, of course) may include educational resources and information, it takes close to no time at all to launch one. Because of their ease of use and availability, threat actors abuse these for credential theft, impersonation, fake news, and data dumps. Some platforms such as WordPress are also a prime target for threat actors to compromise them, at which point they host malicious information or fake login replicas of legitimate sites.
If you had to guess what the top three social platforms are, would you include YouTube? Not only is it one of the largest social platforms, but it’s also the second largest search platform, too. Because of this, threat actors will drop malicious links in comments, abuse brand IP, and then there is the future of deepfakes that create some very convincing impersonation attempts.
The motivation for each threat actor will vary, and for some, they just want to watch the world burn. While some prefer to monetize the data they steal from networks and organizations, others will drop the stolen data on paste sites for the world to access them.
Doc Sites and News Sites
Doc Sites, which can range from where classified information is shared or embedded by journalists through to web-based or SaaS word processing platforms, can be a hotbed for phishing. In the past, there have been some very clever brand-abuse cases for Google docs, but even now there are regular attempts for credential theft after clicking a link or being invited to access a document. On news sites, these can contain anything from fake news (impersonation) through to physical threats.
There are several kinds of gripe sites out there, and we’re not talking about the fun one created by the Reply All podcast. A gripe site can range from someone targeting a brand, organization, or even person, and essentially putting them on blast. In some cases, these sites can have their own domain and pages dedicated to the point of contention, and in others, there are sites that host countless gripes that range from businesses to your own neighbor. Some of these sites are protected by free speech, others infringe on copyrights, trademarks, or worse. When it comes to phishing, impersonation is often a big one here.
Social Media Platforms
You already know and likely use the largest social platforms out there, but more are continuing to emerge like Discord, Twitch, and Mixer. Though these three in particular focus on streaming content for gamers, Discord has already spun off communities of all sorts. Depending on the platform and tools, these networks can spinout phishing threats like impersonation, data dumps, credential theft, and even yield intelligence for BEC attacks.
You can learn more about how PhishLabs protects enterprise organizations, their brands, employees, and customers from phishing on social media through our Digital Risk Protection service.