Watch out: New phishing tactics disguised as fun

Social media quizzes and questionnaires are common. They make you laugh, with dozens of people commenting on their answers and sharing their stories. You see a post asking users about their first pets, their names, and some funny situations involving them. It might seem fun and harmless, with everyone taking the trip down memory lane. However, did you know that many security questions include pets? By publicly revealing their names, people might be exposing it.

And such situations are relatively common online. People share certain information without considering the possible consequences. In fact, social media has become a breeding ground for scams and phishing. For instance, iPhone giveaways are one of the recent scams circulating on social media. Unfortunately, not all of them are as obvious even to security-conscious users.

How does phishing happen on social media?

You’ll find innocent-looking questions about your favorite restaurant or your first date on social media. Careful; phishers might have posted these. While these posts seem lighthearted, the comments users make are a goldmine of commonly used security questions.

Some of the most common questions asked are about:

• Your first car
• Shows you love to re-watch
• Your first-grade teachers
• Your dream places to visit

We don’t say that every such game asking funny questions is posted by a cybercriminal, but while the posts may indeed be innocent fun, commenting on them involves risks. The answers to the questions asked might well be your answer to a security question for any of your accounts. You can’t control who’s reading the posts as they are, almost always, public.

Such game posts are shared on Facebook, and they have spread to other social media platforms as well. Cybercriminals fishing for security question answers can exploit quizzes and surveys on platforms like Twitter and Instagram. The “get to know videos” on TikTok are also a threat. You might reveal your answer to a security question while answering quizzes on these social media fun posts.

What else makes you vulnerable?

You may receive emails asking you to click on links to redeem gifts, or you may receive a text saying that your bank account has been hacked. These messages seek to exploit your emotions—you either feel thrilled or panic. The intention is to make you act urgently and part with sensitive information.

How should you protect yourself?

While phishing scams are rampant, there are ways you can protect yourself. We share a few with you.

• Verify the source. Who are the senders of the messages? Did you contact them earlier? Is there a sound reason why they have got in touch with you? Check the giveaways with other sources as well. Ignore the messages if you notice anything suspicious. Usually, if the offer is too good to be true, it probably is.
• Avoid sharing sensitive information on social media. You might feel tempted to fill out fun quizzes like “top 10 things to know about me” or enjoy chipping in during a chat with your first crush, but there’s always the risk of this information being used against you, and the risks are significant. Avoid answering the prompts and don’t share them either. Of course, you should not use meaningful words as passwords. If you struggle to remember them all, use password managers and 2FA on all accounts.
• Keep your eyes open for inconsistencies. You can gauge the authenticity of a message by the way it has been written. Do you see spelling mistakes or strange spaces between words? Before clicking on any link, hover the mouse over it to see if the site it links to relates to what the email says.
• Stay calm. Social engineering attackers take advantage of the usual panicky reaction from most instead of calm well-thought-out responses. See if the message makes sense. Would your bank ever ask for your login details? Never. It tells you that it’s a phishing email.
• Report, block, and flag spam. Upon receiving an email or text message you find suspicious, mark it as spam and report it. Don’t forget to delete it.
• Use a Virtual Private Network (VPN). A VPN is a very effective tool to protect yourself against phishing. It encrypts your internet traffic and masks your IP address. However, more advanced tools include protection against phishing, like blockers that prevent access to websites suspected of dangerous activities. So, a VPN download can protect your connections and traffic and defend against phishing attempts.

Conclusion

Exercising caution is the key to staying protected. Avoid participating in fun quizzes. Even if you share sensitive information, make sure that you do so with people you can trust. When you receive a phishing email or text, don’t panic. Delete it and report the matter to the proper authorities. Mind your step and follow the tips we shared above. Stay safe.