Phishing Attacks via Social Media

Written by Amber Schroader

April 17, 2024

When it comes to cybersecurity, it’s common to underestimate the risk of cyber threats infiltrating your home. Yet, the reality is that with children who may not be fully aware of cyber safety measures, it’s easy for threats to creep in. Recently, one of my children encountered a concerning scenario while using social media. They received a message from a contact about a job offer, which appeared appealing despite already being employed.

The attack began innocuously enough, with a request to follow them on Instagram. Gradually, the attacker expanded their reach across other social platforms, eventually moving the conversation to Snapchat. Although this should have raised red flags, my child remained unsuspecting. They accepted the job offer and shared their Venmo details, unwittingly initiating a phishing scheme.

Assigned the task of purchasing several gift cards under the guise of sending out gifts for their new employer, my child complied without hesitation. The scammer also told them they could keep some gift cards as compensation, further obscuring the scam. However, when the gift cards were flagged as fraudulent and the money they’d spent disappeared into thin air, the harsh reality set in. The perpetrator vanished, leaving my child to bear the financial loss.

As someone in cybersecurity, you might wonder how that happens since the request to purchase gift cards is a common scam. Unfortunately, it’s a common occurrence that happens daily to thousands of people, regardless of age. The deal appears fair, and in theory, everyone seems to win. However, that is rarely the reality. Social media serves as a hunting ground for attackers searching for posts that show vulnerability and unsuspecting victims.

Job Phishing

Phishing for fake jobs in Facebook Groups.

Phishing as blackmail.

Phishing as fake family.

Phishing as friend requests.

Phishing with fake money.

Each example above represents a potential pathway within social media that might prompt someone to share banking details or credentials for Venmo, PayPal, CashApp, etc. Nowadays, transactions can occur through the marketplaces or shops of numerous apps, making it challenging to safeguard all avenues.

Where do we begin our investigation? When it comes to dealing with phishing on social media, the collection process naturally targets the device where the communication occurred. However, with social media, there are multiple options for gathering evidence. I have created a straightforward chart outlining various artifacts accessible for evidence collection, along with a more detailed process for each aspect to collect the evidence.

Obtaining consent from the victim is crucial for utilizing any of these evidence options to collect the potential data. Scammers exploiting social media pose a unique challenge because there isn’t always a reliable pathway for investigators to track and apprehend. Scammers can quickly and easily change screen names, and most importantly, they can be located anywhere in the world.

What do we do?

Education is the best defense against scammers. Educating friends and family on all the various avenues a phishing attacker might exploit is important. Teach those in your circle to apply the same precautions to safeguard their privacy that you do in your work in cybersecurity. Remind people to refrain from accepting connections from unfamiliar parties. Set up family safe words to protect against attacks by scammers exploiting a relative’s online account. Limit online app transactions to only known individuals. Regularly review and maintain the cleanliness of your data. 

Paraben Corporation offers a comprehensive solution for capturing, analyzing, and sharing data in any digital investigation. Contact us today to learn more! 1.801.796.0944

Forensic-Impact Articles

Empowering Small Businesses: The Significance of Data Governance

Empowering Small Businesses: The Significance of Data Governance

Guest Blog Post In today's digitally driven world, data is the lifeblood of businesses, regardless of their size. Small businesses, in particular, stand to gain significantly from harnessing the power of data. This article from Paraben Corporation delves into the...

Strengthening Your Career In Digital Investigations

Strengthening Your Career In Digital Investigations

Transcript Hi there, and welcome to another installment of forensic impact. I'm Amber Schroader, and this week I am sharing with you information about strengthening your career in digital investigations. This was a topic conversation that I had with one of the blog...

2023 Review 2024 Predictions

2023 Review 2024 Predictions

Transcript Welcome to the first blog post of 2024 of Forensic impact. I'm Amber Schroader. I'm the one who maintains this blog. It's one of those that I have gone up and down about getting stuff written because there's always piles of research that you can see...