Social Media Phishing – The 2023 Cybersecurity Threat

According to a report, more than half of the world uses social media. Most of us use it to tell others what we’re up to, where we’re from, when our birthday is, and what we like. Businesses also rely on social media to sell things, market their brand, and talk to customers.

But hackers see all this as significant information and can exploit it to trick us into giving them our personal information. They do this through phishing attacks.  

The Federal Trade Commission recently shared a report revealing $8.8bn was lost to scams in 2022. That’s 30% more than in the previous year.  

Therefore, precautions are necessary. But before that, you should know what a social media phishing attack looks like and how a hacker tricks you.    

What is Social Media Phishing   

Phishing is when cyber-criminals assume a fake identity to trick victims into sharing their sensitive information by creating a false sense of security and urgency. When phishers attack through platforms like Instagram, Facebook, Twitter and LinkedIn, it is called social media phishing. Cyber-criminals target social media because it can give them access to numerous linked accounts of family, friends and clients.

How a Phishing Scam Looks on Social Media  

To combat a phishing attempt, it’s crucial to detect it in real time. Stay informed about prevalent phishing schemes and remain vigilant for suspicious social media activity.

Phishing Through Emails  

In 2021, more than 90% of organizations in the UK fell victim to email phishing attacks.

Social media platforms often send emails to update users about security protocols or account-related information. Unfortunately, users tend to trust emails that appear to originate from legitimate social media sites. These email templates are often standard and familiar, making them an easy target for spoofing.

Because users tend to disregard the design elements of these emails, hackers can incorporate fraudulent links and buttons within the message body. When clicked, these links direct users to malicious sites where scammers steal sensitive information.

Scammers often employ tactics such as fake password reset requests or malware downloads to trick people into giving away their personal information.

Fake LinkedIn Jobs   

Scammers can also exploit LinkedIn by creating bogus company pages and job scams. These scams begin with fraudulent job postings that gather sensitive information. Cyber-criminals then use this information in future phishing attacks.

Scammers sometimes take things a step further by offering victims a fictitious job and sending them a fraudulent initial paycheck by mail. After the victim deposits the check, the scammer will provide a reason for asking the victim to return a portion of the funds. Once the check bounces, the scammer disappears with the victim’s money.  

Malicious Direct Messages  

Social media platforms such as Instagram and Facebook make direct messaging easy. Many apps also have an in-app messaging feature, which scammers can exploit to create fraudulent profiles and impersonate someone close to the victim, such as a family member or friend.

By taking advantage of the direct communication channel and the user’s trust, these scammers fabricate fake scenarios and ask for help. Often, these requests involve emergency payments or passwords to private accounts.  

Crypto Scams  

A common social media phishing scam is a cryptocurrency investment or giveaway scam. These fraudulent activities are promoted on Facebook and Twitter and propagated through fake celebrity profiles.  

In 2021 alone, these fake accounts stole over $2m through cryptocurrency scams. 

These impostors create social media accounts that look legitimate, and they use persuasive language, often with a sense of urgency, to convince people to send them cryptocurrency. These scams are so convincing that even famous figures like Elon Musk and former US president Barack Obama have had their profiles impersonated by cyber-criminals.

Fraudulent Quizzes  

Cyber-criminals often pose seemingly harmless questions on social media platforms, such as asking about your first job or first car. Though these posts may seem innocent, the answers can be used to answer account security questions and gain access to your personal information.

This issue is particularly prevalent on Facebook, but it also occurs on other social media platforms.

Cyber-criminals, working individually or collaboratively, can exploit quizzes, surveys on Twitter and Instagram, and ‘get to know you’ videos on TikTok.  

Customer Support Scam  

Online chats are instant and easier than phone calls. This makes them popular among younger consumers who prefer text messages over waiting. Many companies are expanding their service options by offering dedicated support accounts to cater to these preferences.  

Unfortunately, scammers can easily deceive people by using a stolen logo and company description to create fake accounts that look like genuine companies. They then ask for help. They might direct targets to fake login pages and steal their login credentials. Some scammers even ask for upfront payment for repair services they don’t provide.   

How to Prevent Phishing on Social Media  

Phishing attacks are growing rapidly, and so is the risk of victimization. However, there are some practical and easy ways to stay safe.    

  • Don’t publicly share your personal information on social media. You may want to know if a set of random questions can perfectly guess your age. However, answering these simple questions can reveal details that are later used against you.
  • Always check the URL and source of the message/email. Have you contacted them before? Are there any signs of phishing in the email, such as typosquatting or doubtful email addresses?  
  • Use a combination of security measures such as anti-virus software, encryption, strong passwords and two-factor authentication. Also, don’t use the same password for multiple social media accounts.  
  • When applying for a job, always verify the authenticity of job postings or communications received through the platform.
  • Don’t add unknown people to your social media accounts.  
  • Don’t click on a suspicious link. To update your personal details, refer to the social media platform directly instead of clicking an email link.  
  • If you own a company, inform your clients and employees about your communication practices and the channels you use to connect with them.  
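
The URL check from the list above can be partly automated. The following is an added example, not part of the original article: it compares a link's hostname against an allowlist and flags typosquats and other lookalikes. The allowlist, function names and sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sites whose links you expect to receive (edit to taste).
TRUSTED = {"linkedin.com", "facebook.com", "instagram.com", "twitter.com"}

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def skeleton(label):
    """Fold common look-alike substitutions (rn->m, 0->o, 1->l)."""
    return label.replace("rn", "m").replace("0", "o").replace("1", "l")

def classify_link(url, trusted=TRUSTED):
    """Return (verdict, reason); verdict is trusted, suspicious or unknown."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ("unknown", "no hostname")
    if parts.username is not None:
        return ("suspicious", "text before '@' hides the real host: " + host)
    if any(host == d or host.endswith("." + d) for d in trusted):
        return ("trusted", "host is on the allowlist")
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return ("suspicious", "internationalized host, check for homoglyphs")
    # Simplification: second-to-last label = registered name (no Public Suffix List).
    registered = labels[-2] if len(labels) > 1 else labels[0]
    for brand in (d.split(".")[0] for d in trusted):
        if brand in host:
            return ("suspicious", f"'{brand}' appears in an unrelated domain")
        if edit_distance(skeleton(registered), brand) <= 1:
            return ("suspicious", f"'{registered}' is a near-miss of '{brand}'")
    return ("unknown", "not on the allowlist, no brand resemblance")

# Constructed sample links (not from the article).
SAMPLES = [
    "https://www.linkedin.com/jobs/view/123",
    "https://linkedln.com/login",
    "https://linkedin.com.account-verify.example/reset",
    "https://facebook.com@198.51.100.7/login",
]
for link in SAMPLES:
    print(link, "->", *classify_link(link))
```

An "unknown" verdict is not a clean bill of health; it only means the host shows no resemblance to an allowlisted brand.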


Along with the increasing use of social media, privacy theft risks are also increasing. Cybercrime is evolving and getting worse with each passing year. To remain safe, you should know how to spot a phishing technique and avoid being a victim.  
