It’s borderline impossible to conduct any business online without seeing potential threats abound. It also doesn’t help that threats tend to disguise themselves to avoid being detected. Today, we want to share a social media threat that one of our employees discovered while going about their day, and we think even a cautious user could have been fooled by it.
The threat in question was a suspicious post that our employee saw while browsing Facebook. It’s not unheard of for Facebook to have news articles and other links in the news feed, including videos and announcements about potential issues in the local vicinity.
This post, however, was a bit interesting in the way it appeared. This post that appeared in their news feed was a post that one of their friends was tagged in, not them. There were another nine individuals tagged in the post, which is leaning into slightly more dangerous territory. The post content was also questionable at best, as it was an image of a blurry car accident with the vehicle engulfed in flames. Worse yet was a YouTube play button placed right in the middle of the image, too small to be legitimate. The icing on the cake was the sensational headline: “Car Accident Leaves Three in Critical Condition.”
There are several red flags here to consider, and any one of them would be reason to suspect this post. But the biggest indicator that this post was nonsense—dangerous nonsense—was that the post went to an unknown link to a potential phishing site or a website designed to deliver threats directly to the user.
If you saw this post in your news feed, would you click it? Would the fear of knowing one of your friends potentially being involved in such an accident cause you to abandon all reason and click that link? Unfortunately, it’s all too easy for even the most security-minded individuals to let these kinds of things slip out of mind under the right circumstances. After all, just because you did not fall for the trick, that doesn’t mean that nobody will—especially your less technologically savvy friends.
Phishing is much more than just suspicious links or infected attachments; it encompasses social media, email, text messages, and other outlets of attacks that are just as dangerous. We see some of the telltale signs of a phishing attack in the above example, like urging people to click on a link through emotional manipulation and blurry, vague images, and the same types of tactics can be used through other attack vectors.
Anytime you suspect a phishing attack, it’s worth taking a step back and applying a healthy dose of skepticism. If you think it could be a phishing attack, there is always the option to contact IT or check your contacts for supplementary contact information, just to make sure that you’re not speaking problems to life. Chances are, though, that if you think there’s something “phishy,” there probably is.
Capital Technology Group can help your business stay safe and secure, even from phishing attacks. To learn more, call us at (501) 375-1111.
Comments