Following on the heels of a recent blog on social media-themed phishing on Facebook, researchers at Trustwave’s SpiderLabs discovered another flavor of “infringement” phishing scams. While the latest case still resides under the umbrella of Meta, this time the targets are Instagram users via another Meta property: WhatsApp.
In a blog post on Thursday, the Trustwave researchers said while the copyright infringement phishing and URL redirection techniques are not new, its research team has seen an increase in phishing using these techniques,
“It's a common credential grabber utilizing a copyright infringement notice to lure victims in,” explained Karl Sigler, senior security research manage at Trustwave. “The copyright infringement component provides the sense of urgency to get the victim to click. Especially these days when social media posts can be so important for some people. The other interesting angle here is … that by utilizing a valid service as a redirector [like WhatsApp, in this case], phishers can often bypass security controls that inspect a URL and ignore it when it appears to be valid.”
Patrick Harr, chief executive officer at SlashNext, said these types of social engineering phishing attempts are very effective because they play on emotion and instigate immediate action. Harr said before the victim has time to think if this is a phishing attempt, they quickly jump to action to save their account from being blocked or taken down.
“What’s scary for organizations is an increase in crossover attacks, where credentials are harvested from an employee in a personal app and then used for a company breach,” Harr said. “That’s why it’s very important to have phishing protection for social media apps.”