Scam Alert: Social Media Phishing
Scammers are always trying different ways to trick an unsuspecting person into installing and running malicious software on their computer so they can steal information, install ransomware, or worse. We have seen this through email, fake websites, and fake phone calls. In some of the latest attempts, they are leveraging social media.
Recently, a phishing campaign targeted professionals on LinkedIn. The targets were selected based on their job title and company, specifically people in digital media or digital marketing roles who might have access to the company's social media accounts. The scammers would then trick the user into downloading something that looked like a PDF file, but it was really malware that granted the attacker admin access to the company's social media account. The attacker would then use that access to steal information and payment details and to scam the company's followers.
Marketing people aren't the only ones being targeted. Attacks against executives and IT administrators are also very common.
Even though you are on social media and not using email, the same rules should apply:
- Be careful of messages from people that you do not know
- For people you do recognize, be suspicious of requests for personal or financial information, or requests to do something the person wouldn't usually ask you to do. Creating fake accounts using other people's names and real pictures is trivial for an attacker to do.
- Don't download or click on unexpected links or attachments
Additionally, be careful what information you share on social media. While those quizzes may seem harmless, some of the answers you share, such as the name of your first pet or where you went to high school, are often the answers to the security questions that protect your online logins.