Norton Labs, the global research team for NortonLifeLock (NASDAQ:NLOK), has published its quarterly Consumer Cyber Safety Pulse Report, providing cybersecurity insights from April through June 2022.
The company used its global threat telemetry to produce the analysis, which includes findings on how cyber criminals are using social media phishing attacks to steal people’s private information. Norton Labs analyzed a whole year of phishing attacks on the biggest social media platforms and found many fake login pages designed to lure victims into revealing their login credentials, along with newer tricks that went beyond that one technique.
“Threat actors use social media for phishing attacks because it’s a low-effort and high-return way to target billions of people around the world. As social media is intertwined in our daily lives, it’s key to know how to spot the signs of a scam, and keep a sharp eye on where requests for your information are coming from. Even better, consider strong, multi-layered security that can be on the lookout for you,” said Darren Shou, head of technology, NortonLifeLock.
NortonLifeLock is devoted to consumer cyber safety, working to protect people and give them the confidence to live their digital lives safely. The company’s products include cybersecurity suites, antivirus, and more.
Norton Labs found the top tactics used by hackers to get victims to reveal personal information. Classic login phishing still ranks number one, but hackers are getting more savvy in finding new ways to get social media users to give up information. These tactics include lockout scams, which make it seem like a victim’s account has been locked in order to lure the victim into revealing credentials; lures that get victims to install malware on the promise of a boosted follower count; and verified badge scams, in which a user is pushed to log in to acquire, or not lose, their verified status on the platform.
Cybersecurity by the Numbers:
From April through June 2022, Norton stopped over 900 million threats, or around 10 million threats every day. Norton blocked:
- 22.6 million phishing attempts
- 103.7 million file threats
- 302 thousand mobile threats
- 78 thousand ransomware attacks
Another popular phishing campaign involves intercepting temporary codes in order to break into profiles protected by two-factor authentication (2FA). These codes are usually tied to the victim’s device through an app or some other service, and they allow the scammer to perform acts like modifying personal details or altering login credentials.
Scammers also exploited students and people in financial need by offering fake scholarships and financial aid.
The most pernicious fraud Norton discovered involves the payment app Zelle.
Zelle is typically available on mobile devices or through a bank’s website as a means to send instant payments from one bank account to another. The receiver doesn’t need to accept or acknowledge the payment, and the sender is simply asked to confirm before sending it. Once the payment has gone through, though, there’s no way to get the money back.
It’s a convenient way to pay your friends, but it’s equally convenient for hackers and scammers to trick people into draining their bank accounts.
The two types of fraud NortonLifeLock found involving Zelle are:
Zelle + social engineering:
It begins with a text message alerting the victim to some activity, like a big transfer from their bank account. The victim responds that he or she didn’t know about it and gets a callback from a fake bank rep. The attacker weaves an elaborate story to convince the victim to associate their phone number with an account controlled by the hacker, who then gets the victim to transfer all their money via Zelle to that phone number, supposedly to secure it. Then the attacker disappears.
Zelle as a tool:
Another method involves breaking into your bank account through phishing or malware, which gives the hacker free rein to log in, transfer money out of your account into theirs, and then disappear. Zelle is used as the tool to quickly transfer the money, and that money’s gone.
The takeaway from this, according to Norton, is to not answer any texts or phone calls relating to Zelle.