When it comes to cybersecurity, it’s common to underestimate the risk of cyber threats infiltrating your home. Yet, the reality is that with children who may not be fully aware of cyber safety measures, it’s easy for threats to creep in. Recently, one of my children encountered a concerning scenario while using social media. They received a message from a contact about a job offer, which appeared appealing even though they were already employed.
The attack began innocuously enough, with a request to follow them on Instagram. Gradually, the attacker expanded their reach across other social platforms, eventually moving the conversation to Snapchat. Although this should have raised red flags, my child remained unsuspecting. They accepted the job offer and shared their Venmo details, unwittingly initiating a phishing scheme.
Assigned the task of purchasing several gift cards under the guise of sending out gifts for their new employer, my child complied without hesitation. The scammer also told them they could keep some gift cards as compensation, further obscuring the scam. However, when the gift cards were flagged as fraudulent and the money they’d spent disappeared into thin air, the harsh reality set in. The perpetrator vanished, leaving my child to bear the financial loss.
As someone in cybersecurity, you might wonder how that happens since the request to purchase gift cards is a common scam. Unfortunately, it’s a common occurrence that happens daily to thousands of people, regardless of age. The deal appears fair, and in theory, everyone seems to win. However, that is rarely the reality. Social media serves as a hunting ground for attackers searching for posts that show vulnerability and unsuspecting victims.
Job Phishing
Phishing for fake jobs in Facebook Groups.
Phishing as blackmail.
Phishing as fake family.
Phishing as friend requests.
Phishing with fake money.
Each example above represents a potential pathway within social media that might prompt someone to share banking details or credentials for Venmo, PayPal, CashApp, etc. Nowadays, transactions can occur through the marketplaces or shops of numerous apps, making it challenging to safeguard all avenues.
Where do we begin our investigation? When it comes to dealing with phishing on social media, the collection process naturally targets the device where the communication occurred. However, with social media, there are multiple options for gathering evidence. I have created a straightforward chart outlining various artifacts accessible for evidence collection, along with a more detailed process for collecting the evidence for each one.
Obtaining consent from the victim is crucial before using any of these evidence options to collect the potential data. Scammers exploiting social media pose a unique challenge because there isn’t always a reliable pathway for investigators to track and apprehend them. Scammers can quickly and easily change screen names, and most importantly, they can be located anywhere in the world.
What do we do?
Education is the best defense against scammers. Educating friends and family on all the various avenues a phishing attacker might exploit is important. Teach those in your circle to apply the same precautions to safeguard their privacy that you do in your work in cybersecurity. Remind people to refrain from accepting connections from unfamiliar parties. Set up family safe words to protect against attacks by scammers exploiting a relative’s online account. Limit online app transactions to only known individuals. Regularly review and maintain the cleanliness of your data.
Paraben Corporation offers a comprehensive solution for capturing, analyzing, and sharing data in any digital investigation. Contact us today to learn more! 1.801.796.0944