Recently, a friend of mine had her Facebook account hacked using a technique known as phishing (we will talk more about phishing later). “Who sent you that link?” I asked her. She responded, “I clicked it because a random page shared it.” My initial reaction was, “What The Fuck!?”, then I realized she wasn’t the only one who fell for this kind of hack.
What is Phishing?
I wrote this article for casual internet users. I will not go into detail about how businesses are targeted with phishing.
Phishing is still one of the most common cyber-attacks because it can be carried out fairly quickly and very easily. During phishing, cybercriminals can steal data or infect files and networks with malicious code. Since we rely heavily on social media and emails, phishers can use social engineering (playing with the brain) to trick us. An attacker’s goal is to persuade the target to act, such as opening an attachment or clicking a link to a malicious website.
According to a 2021 Verizon report, 36% of all data breaches involved phishing in one way or another.
You can be the next victim.
Anyone can be a victim of phishing attacks. Period. It doesn’t matter how smart or well-trained you are. Sooner or later, you’ll probably fall victim to a credential phishing attack launched by a professional blackhat, revealing your usernames and passwords to attackers and giving them the ability to compromise your account.
No matter what field you are in or how smart you are, there is still a significant chance of being duped by phishing.
Real Life Phishing Attack
- Google and Facebook have both been targeted by phishing scams. In 2013 and 2014, a hacker posing as a vendor of computer parts sent invoices to Google and Facebook, and the two companies paid the hacker more than $100 million.
- Recently, YouTubers have been targeted by a hacker in the name of promotions.
- Gamers are being targeted by phishing attacks in large numbers these days.
- During the first phase of COVID-19, a massive phishing campaign took place.
Could you be a target?
You might be thinking, “Why would a hacker waste their time trying to hack me when I’m not a businessman or even a special person?” Fair enough, you aren’t a target because you are an ordinary person with little sensitive data. However, hackers target mass audiences these days, and you are at risk of losing your private data.
The “Mass Phishing Campaign” uses breached email addresses, phone numbers, and social media platforms to conduct the campaign. The use of fake ads on Facebook is nowadays one of the most common mass phishing campaigns.
Numerous methods are available to hackers for targeting victims. In this article, we will be talking about how hackers use social media to conduct phishing campaigns against people. Let’s look at some of them.
1. Gaining trust through compromised users
One of the methods hackers use to spread malicious URLs is to compromise user accounts and then send the malicious URL from those accounts to the owners’ close friends and relatives, which increases the likelihood of people clicking on the URL.
2. Update App
Numerous advertisements on Facebook claim to be the latest update for Messenger and Facebook. What the hell is Facebook thinking when it allows this kind of advertising? Anytime you wish to update an app, go to the app company’s website or download it from Google Play/Apple Store.
3. Free Money
Who doesn’t want free money? This is one of the most common techniques in countries like Nepal and India. Also, it is an effective way to gather sensitive information from poor/middle-class teenagers. The attacker will spread fake ads accompanying his app to launch a campaign. You may have seen an app that claims to give money for signing up. Remember this: no one will provide you with free money. When someone claims to provide you with free money, they are taking something very precious from you.
4. Diamond — UC — Gems
Most games these days have in-app purchases, such as characters, outfits, and skins for guns. When people can’t afford to purchase those cool things, they start looking for ways to obtain them for free. That makes this the ideal opportunity for hackers to compromise victims’ accounts. The hackers will create a false web page that looks legitimate and promises free characters, outfits, and skins for guns in order to compromise players’ accounts.
Curiosity doesn’t always lead to learning; sometimes it leads to a really bad experience. The hackers create a website with a title that will entice users and end up capturing their personal data. The most commonly used titles are: Who has checked your profile? Who has blocked you recently? Pornstar XXXXX wants to facetime you, etc.
How to Protect Yourself
- Don’t trust anyone.
- If the email message contains links, do not click on them, and do not open any attachments within the email without verifying them.
- Enter no personal information on a pop-up screen. A legitimate company, agency, or organization does not ask for personal information via pop-up screens.
- Use antivirus software to detect phishing emails.
- Remember, no free money.
- Remember, no free UC, Gems, and Diamond.
- STOP CLICKING RANDOM LINKSSS
- Check the URL before submitting any data to the website. Facebook.com and Faceb0ok.com are completely different websites.
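The URL check from the last tip, written out as an added example (it is not part of the original article): a small Python function that compares the host a link really points to with a short allowlist and flags imitations such as Faceb0ok.com. The allowlist, the digit-swap table, the function names and the sample links are assumptions constructed for this illustration.

```python
from urllib.parse import urlsplit

# Assumption: a short personal allowlist of sites you actually log in to.
TRUSTED = {"facebook.com", "google.com", "youtube.com"}

# Digit-for-letter swaps seen in lookalike names (constructed, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def hostname(url):
    """Return the lowercase host a browser would actually connect to."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def edit_distance(a, b):
    """Levenshtein distance; catches one-letter typos such as 'facebok'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url):
    """Return 'trusted', 'lookalike of <domain>' or 'unknown' for a link."""
    host = hostname(url)
    if any(host == good or host.endswith("." + good) for good in TRUSTED):
        return "trusted"
    # Last two labels only; a real tool would use the public-suffix list.
    skeleton = ".".join(host.split(".")[-2:]).translate(SWAPS)
    for good in sorted(TRUSTED):
        # Swapped digits, a one-letter typo, or the trusted name buried
        # inside a longer host all count as imitation.
        if edit_distance(skeleton, good) <= 1 or good in host:
            return "lookalike of " + good
    return "unknown"


if __name__ == "__main__":
    for link in ["https://www.facebook.com/login", "Faceb0ok.com",
                 "https://facebok.com", "http://facebook.com.login-help.example/",
                 "https://example.org/news"]:
        print(f"{link:45} {check_url(link)}")
```

An "unknown" result only means the host is not on your allowlist; it does not mean the site is safe.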
All you really need is some common sense and to avoid acting on impulse. You can easily prevent phishing by always being aware while browsing — avoiding phishing takes much less effort than dealing with its consequences. Prevention is better than Cure. Stay Safe, Stay (SayCure), Stay alert.