Why Social Media is Increasingly Abused for Phishing Attacks

Today, social media is a daily medium for communication for much of the modern world, and adoption only continues to grow. Because of this, much like how threat actors started to target mobile users, they have begun to abuse social media, too.

phishing and social media

And, while marketing teams have been known to monitor social media to protect their brand and communicate on their behalf, they are not equipped to handle the advances in social media that are becoming increasingly prevalent. Much like the issues email security faces in the face of missing social engineering-based attacks, so do the tools typically used to monitor social media.

Phishing is defined as social engineering using digital methods for malicious purposes. In the case of social media, there are numerous forms of phishing that occur:

  • Impersonation
  • Credential theft
  • Propagating attacks
  • Data dumps
  • Romance scams
  • 419 Scams (Nigerian prince)
  • Intelligence gathering (for account takeover and spearphishing)

In 2018 we found that the abuse of social media increased by near 200%, and that number only continues to rise. In total, more than 5% of phishing attacks are associated with social media. Unfortunately, these platforms still offer only minimal controls to prevent the further propagation of account takeovers, and because social accounts typically need to be approved prior to connecting with people, they offer a stronger sense of trust.

Larger Than You Think

Each day, there is a good chance you’ll run across a YouTube video, an embedded tweet in a news article, or even scroll through cute puppies on Instagram. However, the threats posed to social media as a whole are significantly larger than just the biggest social media sites. Blogs, forums, news sites, paste and doc sites, and even gripe sites are all part of the social media ecosystem.

Take for example your organization. As a brand, there is a good chance there are set profiles on the largest networks; however, what about your users and employees? The more prevalent and engaged a digital medium, the greater the likelihood that a threat actor will attempt to abuse it.

How Social is Abused

Over the coming weeks, we’ll provide a more detailed look at some of the ways social media is abused, but for starters, we want to expand on the definition of phishing.

C2 Infrastructures

Abusing short URLs is nothing new when it comes to phishing attacks, but it is becoming more prevalent on Twitter. Threat actors use a combination of Twitter’s URL shortener to hide malicious links, while other threat actors (and pentesters) even hose their C2 infrastructure on the platform.


Because phishing is the malicious use of social engineering, impersonation plays a huge role in the success of an attack. By posing as someone with any kind of authority, it’s easy to damage that person, the brand associated with them, and trick users into taking a specific action. This doesn’t include parody accounts, which are commonly labeled, but more so incidents that negatively impact users. One of the most common examples is that when a celebrity posts a Twitter, a threat actor replies to it, posing as that user, saying they are giving away free bitcoins. Hint: they aren’t.

Credential Theft and Propagation

Not only are threat actors sending phishing attacks right on social platforms, they also trick users into logging into fake landing pages, which in turn hands over their credentials. When this happens, a threat actor can gain access to the user’s account, and further, propagate attacks to trick new users into handing over their credentials or act more like a BEC attack and ask for a wire transfer.

Data Dumps

It’s not uncommon for dumps of breached databases to make the rounds on the internet. This can happen on dumpsites, forums, and even sold on the dark web or other marketplaces.

Data Gathering

Quick, what was the name of your first pet? It was fluffy, wasn’t it? Well, that post you shared on social media 10 years ago just happens to contain the information use also use to reset passwords. How about personal information about your life beyond the basics? A threat actor can find that too, and then use that information to build a sophisticated spearphishing campaign custom-designed for you.

Understanding Phishing’s Impact on Social Media

Stay tuned as we dig further into how social media is impacted and abused for phishing attacks. You can also subscribe to our newsletter for weekly updates (see the sidebar).

To learn how PhishLabs can protect your organization, employees, brands, and users from social media-based digital risks, learn about our Digitial Prisk Protection service. You can also dig into our more recent Business Email Compromise (BEC) series that shows why it is the most costly form of phishing.


Article Link: https://info.phishlabs.com/blog/how-social-media-is-abused-for-phishing-attacks