Social media phishing attacks increased by 500 per cent during 2016, according to a new report. Researchers from Proofpoint recorded a huge increase in scams on social media trying to trick users out of their money or sensitive information in the firm’s Q4 threat summary.
The statistic includes the emergence of angler phishing – a form of scam where attackers pose as legitimate companies’ support teams to fool customers. The research found this technique to be most commonly used against the financial services and entertainment industries.
It also noted that as more brands switch to private direct messages to interact with customers on Twitter, it will become easier for attackers to go undetected.
The number of fraudulent accounts detected across social media increased by 100 per cent between the third and fourth quarters of 2016 alone, the report said.
The researchers found that these accounts are commonly used for phishing, social spam and malware distribution, which is reflected in the fact that there was a 20 per cent increase in observed spam on Facebook and Twitter over the same period.
The report also showed a dramatic increase in the amount of malicious email sent and received – the fourth quarter’s largest campaign was nearly seven times as large as the third quarter’s.
While ransomware became the “threat de jour”, multiplying by 30 times over the year, overall exploit kit activity fell 93 per cent from its high in the first quarter.
On mobile, the researchers noted that attackers attempted to hijack popular trends and events, for example by releasing malicious versions of the Pokemon Go mobile game or by writing malicious apps purporting to relate to the 2016 Olympics and its sponsor brands.