Sensational News Headline, or Phishing Attack?

When you live a life connected to the Internet, there is always a chance that you will encounter a threat that is disguised just a little too well to be discovered. We wanted to write today about one particular social media threat that we think might have been good enough to fool an unsuspecting user.

The Situation in Question

One of our employees brought up the other day how they saw a pretty suspicious looking post on Facebook. Now, the well-known social media site is often used for sharing links to various news outlets and other websites, so it’s not out of the question to see videos and posts about local issues that users might want to be aware of.

We asked our employee to go into a little more detail about the suspicious post, and they had some interesting comments. They reported that the post in question was not actually made by one of their friends; instead, one of their friends was tagged in it, alongside another nine individuals. In the post, the thumbnail was the wreckage of a car following an accident, with the car being engulfed in flames. Smack dab in the middle of the image was a YouTube play button that was too small to be considered legitimate. The title of the post was “Car Accident Leaves Three in Critical Condition.”

While the post’s image and headline were suspicious and vague enough to warrant suspicion, the dead giveaway was the link that Facebook left on full display. The post itself was a link to a website that was most certainly a phishing site or a website waiting to deliver a malicious payload of some sort upon click.

This type of attack showcases just how easy it can be to trick people who might let their guard down on social media. Imagine if you’re tagged in such a post, and you are only partially paying attention. It’s remarkably easy to just tap a news story without a second thought. Now, we know that you might be able to identify a potential threat in this way, but others who see the post might not, and that’s really what the hacker is all about: spreading the threat as far as possible.

Phishing Attacks Strike Through All Kinds of Mediums

Whether it’s through social media, email, or even text message, phishing attacks try to get you to perform certain actions without thinking twice about them. In the above example, the attack used a sensationalized and vague headline to get the reader thinking that something was wrong and that they needed to know what the post was about. The same can occur with an email message, where the user might see a subject headline like “urgent” or “action required.”

Ultimately, it’s best to approach any potential phishing scenario with a healthy dose of skepticism. If you think that you’re looking at a phishing attack, you can always notify IT or contact the individual who sent the phishing message through verified contact information, like that found on a website or in a directory.

For more great security tips, stories, and best practices, reach out to BNMC at (978) 482-2020.