Deceptive Phishing:
Deceptive phishing is the most common type of social media phishing. In a typical scenario, a phisher creates an account pretending to be the account of the victim. Next, the phisher sends friend requests to the friends of the victim together with a message such as “I have abandoned my previous Facebook account. From now on, please communicate with me through this account only”. Afterwards, the phisher starts sending messages to the friends of the victim that demand that the recipient click on a link. Examples of such messages include:
a. A statement that the receiver of the message has a virus which can be deleted by signing up for a special anti-virus inspection conducted by the social network.
b. A fictitious invoice which can be cancelled by clicking on a link requesting the user to provide her/his personal information.
In most cases the messages sent by the phisher to the victim aim at collecting the personal information of the victim, including credit and debit card numbers. This information will be used by the phisher for transferring funds from the victim’s account to the phisher’s accounts. It is worth mentioning that often the phisher does not directly cause any economic damage to the victim, but merely resells the stolen information to third parties who commit the actual financial theft.
It should be noted that even the social network accounts of famous persons could be impersonated and used for deceptive phishing.
Content Injection based Phishing:
Content-injection social network phishing refers to inserting malicious content into social networks. The malicious content can often be in the form of bogus posts (e.g., tweets, posts in the Facebook feed or in the LinkedIn feed) published by users whose accounts were compromised by rogue apps. In many cases, the victims are unable to see the bogus posts posted by the malicious apps on their behalf. The bogus posts, for example, may contain a photo of the account owner and the text: “I am in the hospital. If you would like to help me, please sign up by clicking on the following link”. When the victim clicks on the link, he/she will be requested to provide his/her personal data, which may be used by the phisher for committing identity theft and other scams.
Sometimes a post may contain malicious content and hoax text that requests users to share the post. Phishers can easily insert phishing links into such hoax messages, which may ask users to log in to their accounts in order to share the content or verify their account details.
Malware Based Phishing:
Malware-based phishing refers to the spread of phishing messages by using malware. For example, the Facebook account of a victim who installed a rogue Facebook app will automatically send messages to all the friends of the victim. Such messages often contain links allowing the receivers of the messages to install the rogue Facebook app on their computers or mobile devices. The best way to avoid the installation of rogue Facebook apps is to be very selective when installing any third-party Facebook applications. For example, Facebook apps developed by unknown developers that request access to extensive information should be researched thoroughly. One method often used by phishers to “seduce” Facebook users into installing malware on their computers is to promise them that the malware will enable them to see a list of people who visited their Facebook profile page.
In some cases, phishing malware is enclosed in gaming apps for mobile devices. For example, a popular gaming app called “Cowboy Adventure” contained malicious functionality that allowed the app developers to collect the Facebook IDs and passwords of its users. The app operated as a genuine game, and the person who installed it may not even have suspected that he/she had installed malicious software on his/her device. The app was removed from the Google Play Store. However, similar malicious apps may already exist on the Google Play Store, the Apple App Store, and other app marketplaces.
Man in the Middle Phishing:
A man-in-the-middle social network attack, also known as social network session hijacking attack, is a form of phishing in which the phisher positions himself between the user and a legitimate social network website. Messages intended for the legitimate social network website pass through the phisher who can inspect the messages and acquire valuable information. Furthermore, the man in the middle can post phishing links on behalf of the victim.
There are many online tutorials that provide instructions on how to hack Facebook using a man-in-the-middle attack. Man-in-the-middle attacks are easy to perform because they consist of several easy-to-implement steps. In a typical scenario, the attacker performs the following steps: (1) the attacker lures the victim to a phishing site (e.g., a fake Facebook login page) where the victim enters his/her username and password; (2) the phisher’s server uses the stolen credentials to enter the legitimate social network website and keeps the session open; (3) when the user logs off from the phishing website, the phisher inspects the account of the victim on the legitimate social network website and acquires valuable information which can be used for various criminal purposes, such as stealing money or committing identity theft.
In some cases, the work of the man-in-the-middle is facilitated by security vulnerabilities in the social network platforms themselves. By way of illustration, the Egyptian penetration tester Ahmed Elsobky discovered a serious flaw in Facebook which allowed hackers to perform a man-in-the-middle attack on Facebook. Facebook’s security team replied to the finding of Ahmed Elsobky as follows:
“We’d actually received an earlier report from another researcher regarding this same issue. In response to that report, we’ve been working on limiting this behavior when it comes to our official apps, since they’re pre-authorized. For other apps, unfortunately, fully preventing this would mean requiring any site integrating with Facebook to use HTTPS, which simply isn’t practical for right now.”
In order to prevent man-in-the-middle social network attacks:
- Never send an access token over an unencrypted channel
- Use only encrypted apps
- Use the “HTTPS Everywhere” browser extension.
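The first recommendation above can be checked mechanically. As an added example (not code from the article or from Facebook), the function below flags any URL in which a token parameter would travel over plaintext HTTP, whether in the query string or in the fragment that implicit OAuth flows use; the parameter names and the log lines are constructed assumptions for illustration.

```python
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Assumed names under which apps commonly carry a token in a URL.
TOKEN_PARAMS = {"access_token", "oauth_token", "token"}


def token_exposure(url: str) -> Optional[str]:
    """Return a short reason if `url` sends a token over an unencrypted
    channel, or None if the URL is HTTPS or carries no token at all."""
    parts = urlsplit(url)
    if parts.scheme.lower() == "https":
        return None
    # A token may sit in the query string (server-side flows) or in the
    # fragment (browser-side flows); both are readable by a man in the middle
    # once the request leaves the browser over plain HTTP.
    for where, raw in (("query", parts.query), ("fragment", parts.fragment)):
        hit = set(parse_qs(raw, keep_blank_values=True)) & TOKEN_PARAMS
        if hit:
            return f"{sorted(hit)[0]} in {where} over {parts.scheme or 'no-scheme'}"
    return None


def audit_redirects(lines: List[str]) -> List[Tuple[int, str]]:
    """Scan access-log style lines and return (line_number, reason) for every
    URL that exposes a token over plaintext."""
    findings = []
    for number, line in enumerate(lines, 1):
        for word in line.split():
            if "://" in word:
                reason = token_exposure(word)
                if reason:
                    findings.append((number, reason))
    return findings


# Constructed sample log lines (not real traffic); only lines 2 and 3 are unsafe.
SAMPLE_LOG = [
    "GET https://app.example.test/callback?access_token=abc123 302",
    "GET http://app.example.test/callback?access_token=abc123 302",
    "GET http://app.example.test/callback#access_token=abc123&expires_in=3600 200",
    "GET http://app.example.test/home?page=2 200",
]

if __name__ == "__main__":
    for number, reason in audit_redirects(SAMPLE_LOG):
        print(f"line {number}: {reason}")
```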
That’s it guys! Social network phishing is a significant information security threat for both individuals and companies. A large number of individuals have become victims of identity theft resulting from phishing attacks, and such attacks have caused severe reputational damage to many companies. There is a pressing social need for spreading security awareness about phishing. This article attempted to spread such awareness by examining the four most popular social network phishing attacks, and it also provided recommendations on how to avoid some of those attacks. Hope this helps.
Keep Learning !! Keep Connected!!