Social Media Phishing

Phishing is a form of social engineering that is based on approaches that appear to come from someone you know. It is popular because people receiving the messages are more trusting if they think they are getting a message, link or request from a friend, a relative, or an organisation. Phishing attacks often include links to ‘copycat’ websites that imitate a legitimate site, such as a bank, business, or government office, and then ask users to log in, thus revealing their passwords etc. to the hackers. The website you are taken to may look very legitimate, with all the right logos and content. In fact, the criminals may have copied the exact format and content of the legitimate site. (See below for how to check out copycat websites.) The links might also infect your device with malware.

Popular phishing attacks
  • A problem that requires you to “verify” your information.

    You might receive an email purporting to come from a bank or credit card provider, a government department, your school or college, a membership organisation or a website you buy from, telling you that you need to follow a link to supply some details – typically a password, PIN or other confidential information. The message might warn you that the request is urgent due to some change in systems, or that otherwise your account will be closed.

  • A task from someone posing as a boss or coworker.

    The message may ask for an update on an important project your company is currently working on, or even seem to contain information about wage increases or promotions. Often the attachment will be a simple Word document or Excel sheet, which might nonetheless contain a virus.

  • An urgent appeal for help.

    A message from a friend who is stuck in country X, has been robbed, beaten, and is in the hospital. They need you to send money so they can get home, and they tell you how to send the money (to the criminal).

  • Spear phishing

    Spear phishing is a form of hacking that involves getting a message or email from what appears to be a colleague, employee, boss etc., requesting login information or sensitive employee data, or simply asking you to open an infected attachment or click on a malicious link for more information about a new policy.