In the context of World Social Media Day, celebrated on June 30, Kaspersky warns of fraudulent websites created to steal users’ personal data.
Kaspersky experts warn of a wave of scams using social engineering and phishing techniques on social media and messaging apps to steal credentials and distribute malware.
Taking advantage of the popularity of platforms such as WhatsApp, Facebook, Instagram, X, Telegram, and TikTok, cyber attackers are creating fake pages that mimic legitimate websites and promise everything from account verification to benefits like free followers or premium features. This situation is especially worrying considering the high level of digital exposure users face today.
Over the past year, Kaspersky has identified multiple fraudulent campaigns employing sophisticated tactics and widely recognised platforms to execute their attacks. These scams operate in a variety of ways, but they all have a common goal: to obtain users’ credentials or install malicious software on their devices. Below are examples of such schemes.
Fake verification pages:
Users were led to websites mimicking WhatsApp and other app’s official interfaces. These fraudulent pages ask users for their phone number and the verification code received via SMS. With this information, cyber attackers could access accounts, take full control, and perform actions such as impersonating them, sending messages in the victim’s name, or accessing confidential information.
Promises of free followers:
Fraudulent pages offered to boost users’ digital popularity on platforms like Instagram by supposedly giving away followers. However, to access the benefit, victims had to voluntarily enter their login credentials. This strategy allows cyber attackers to take control of accounts, use them to spread further scams, or even sell them on dark markets.
Fake shops on TikTok: This social network has also been the target of targeted attacks, especially through its TikTok Shop feature, which allows sellers to directly associate products with posted videos, making them easier to purchase. Taking advantage of this functionality, cybercriminals created fake sites that simulate being part of TikTok Shop, with the aim of stealing sellers’ credentials.
Fake security notifications: Cybercriminals sent alerts pretending to be from Facebook and similar platforms’ security teams, warning of suspicious activity on the user’s account.
Through these notifications, they directed victims to phishing forms requesting their credentials. Once entered, the attackers could take control of personal profiles or manage pages, using them for scams, spreading malicious content, or extortion.
These situations reflect the real risks associated with using social media: exposure of personal data, loss of control over accounts, dissemination of false information, and threats to privacy.
Despite the increase in these types of threats, users are not defenseless. With increased awareness, good cybersecurity practices, and the use of reliable protection tools, it is possible to significantly reduce the risk of falling victim to these scams.
“Social media and communication apps have become a part of our lives, but with their popularity comes cyber risks. With the rise of artificial intelligence-based tools, scams can be more believable and personalised than ever.
Therefore, it is key to maintain cybersecurity awareness, develop critical thinking, and use robust cybersecurity solutions,” comments Seifallah Jedidi, Head of Consumer Channel for META at Kaspersky.
Provided by SyndiGate Media Inc. (
Syndigate.info
).
