Social media scam
As technology evolves, so do the techniques of malicious users lurking on the internet. Social media fraud relies on one of the most common methods of online fraud: phishing, which has become more and more intense as the years go by.
Phishing is a form of fraud in which a perpetrator disguises himself or herself as another person in emails or other communication channels such as social media. The perpetrator uses emails to distribute malicious links or attachments that can perform various functions, including stealing data from victims such as usernames and passwords. Phishing is popular with cybercriminals, as it is much easier to trick someone into clicking on a malicious link within a seemingly trusted email than it is to hack into a computer’s security systems.
Phishing attacks usually rely on emails or other methods of electronic communication, including instant messages sent via social media and SMS text messages.
Perpetrators can use any public source of information, including social media such as LinkedIn, Facebook and Twitter. Their goal is to gather basic information about the victim’s personal and work history, interests and activities.
Through phishing, the perpetrator can uncover personal data such as names, job titles and email addresses of potential victims. In addition, they can find information about their colleagues and the names of key employees in the same workplace. This information can then be used to create a credible message. Targeted attacks, including those carried out by advanced hacking teams, usually start with an email containing a malicious link or attachment.
As organisations that fight cybercrime continue to educate their users and develop anti-phishing strategies, cybercriminals continue to develop new types of fraud. Some of the most common types of phishing tactics include the following:
Spear phishing attacks target specific individuals or companies. Typically, information specific to the victim is collected and used to make the message appear authentic. Spear phishing emails may include references to associates or executives of the victim’s organization, as well as the use of the victim’s name, location or other personal information.
Whaling attacks are a type of phishing that specifically targets senior executives of an organisation, often with the aim of stealing large amounts of money. Those preparing a particular phishing campaign research their victims in detail to create a more authentic message, as using relevant or specific information about a target increases the chances of the attack being successful. Because a typical whaling attack targets an employee with the ability to authorize payments, the malicious message often appears to be an order from an executive, usually a supervisor, to authorize a large payment to a vendor or customer of the organization. This is done in such a plausible and artful manner that it is not easy to discern at first glance that this is a scam.
Clone phishing attacks use authentic emails that have been previously delivered and contain either a link or an attachment. Perpetrators create a copy of the authentic email, replacing any number of links or attachments with malicious links or files with malware. Because the message appears to be a copy of the original, genuine message, victims are often tricked into clicking on the link or opening the file.
Phishing attacks depend on more than sending an email to victims and hoping that they will click on a malicious link or open a malicious file. Perpetrators use various techniques to trap their victims: using a programming language, one can change the address that appears when the mouse is hovered over a phrase in the text containing a link.
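A mail filter can check for the link manipulation described above before a message reaches the reader. The following is an added example, not part of the original article: it flags links whose visible text names one host while the href points to another, and links carrying script event handlers that can alter what hovering shows. The sample HTML and all host names are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a URL or a bare host name.
URLISH = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#].*)?$", re.I)

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
        self._cur = None              # [href, event handlers, text parts] of the open <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            a = dict(attrs)           # attribute names arrive lower-cased
            handlers = sorted(k for k in a if k.startswith("on"))
            self._cur = [a.get("href") or "", handlers, []]

    def handle_data(self, data):
        if self._cur is not None:
            self._cur[2].append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._cur is None:
            return
        href, handlers, parts = self._cur
        self._cur = None
        real = (urlsplit(href).hostname or "").lower()
        m = URLISH.match("".join(parts).strip())
        shown = m.group(1).lower() if m else None
        if shown and real and shown != real:       # text says one host, href another
            self.findings.append(("text-href-mismatch", shown, real))
        if handlers:                               # script can rewrite the link on hover
            self.findings.append(("scripted-link", ",".join(handlers), real))

def audit_links(html):
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample message body (not taken from a real email).
SAMPLE = (
    '<p><a href="https://portal.example.com/inv/7">portal.example.com</a></p>'
    '<p><a href="http://login.example.net/reset">https://portal.example.com/reset</a></p>'
    '<p><a href="https://portal.example.com/" onmouseover="swap(this)">Open portal</a></p>'
)

if __name__ == "__main__":
    for finding in audit_links(SAMPLE):
        print(finding)
```

The exact host comparison will also flag harmless differences such as a leading "www.", so findings are best treated as a signal for review rather than a verdict.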
Sometimes the email or advertising campaign of a famous company is forged. Other times perpetrators use links that look like the links of these companies. For example, they may create sites using addresses quite close to some well-known ones. Early examples of such addresses include the use of the numbers 0 or 1 to replace the letters O or l. For example, perpetrators might try to spoof the domain microsoft.com with m!crosoft.com by replacing the letter i with an exclamation point. Malicious domains may also replace Latin characters with Cyrillic, Greek, or other character sets that look similar. Hiding all or part of a message as an image sometimes allows perpetrators to bypass antivirus software that scans mail for specific phrases or terms common to phishing.
This is a common form of fraud, and works on the assumption that victims will panic and give up personal information. Usually, in these cases, the perpetrator poses as a bank or other financial institution. In an email or phone call, the perpetrator informs the potential victim that their account has been compromised. Often, the scammer uses the threat of data theft to successfully do just that. Over time, phishing has evolved along with technology, for which there is no specific legislation to effectively suppress and deter such phenomena, because in these cases the enemy is essentially invisible.
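The character substitutions described above can be detected by folding look-alike characters back to the letter they imitate and comparing the result with a list of domains worth protecting. The following is an added example, not part of the original article; the protected list and the small look-alike map are assumptions made for illustration, and it goes slightly beyond the text by also decoding the "xn--" form in which non-Latin domains appear in logs and mail headers.

```python
import unicodedata

# Constructed allow-list of domains to protect (assumption for this example).
PROTECTED = {"microsoft.com", "paypal.com"}

# Small hand-built look-alike map; a production check would use full confusables data.
CONFUSABLES = {
    "0": "o", "1": "l", "!": "i",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c", "\u0456": "i",   # Cyrillic er, es, i
    "\u03bf": "o", "\u03b1": "a",                  # Greek omicron, alpha
}

def script_of(ch):
    """Coarse script name taken from the Unicode character name."""
    name = unicodedata.name(ch, "")
    return next((s for s in ("LATIN", "CYRILLIC", "GREEK") if name.startswith(s)), "OTHER")

def skeleton(domain):
    """Fold look-alike characters to the Latin letter they imitate."""
    return "".join(CONFUSABLES.get(c, c) for c in domain)

def check_domain(domain):
    """Return (verdict, imitated_or_matched_domain, mixed_script)."""
    labels = []
    for label in domain.strip().lower().split("."):
        if label.startswith("xn--"):               # internationalised label in ASCII form
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass                               # keep undecodable labels unchanged
        labels.append(label)
    decoded = ".".join(labels)
    # One label mixing Latin with Cyrillic or Greek letters is itself suspicious.
    mixed = any(len({script_of(c) for c in lab if c.isalpha()}) > 1 for lab in labels)
    if decoded in PROTECTED:
        return ("legitimate", decoded, False)
    folded = skeleton(decoded)
    if folded in PROTECTED:
        return ("lookalike", folded, mixed)
    return ("unknown", None, mixed)

if __name__ == "__main__":
    for d in ("microsoft.com", "m!crosoft.com", "micr0soft.com", "p\u0430yp\u0430l.com"):
        print(ascii(d), check_domain(d))
```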
The most appropriate methods for dealing with and securing our information are:
Social media scam – Private Investigator Pelekasis Nikos
“The above text may be indicative of practices and methods used in the past. Some tactics and methods may now be applicable under the new law 5005/22 concerning the procedure for the removal of privacy of communications, cybersecurity and protection of personal data of citizens.”