India saw over 1.5 crore social media phishing attacks in Q2
Phishing attacks via social media are on the rise and India witnessed over 1.5 crore such cyber threats in the second quarter (Q2) this year, an average of more than 17.5 lakh attacks per day which were blocked by Norton Labs, the cyber-security company said on Tuesday.
New Delhi, July 26 (IANS) Phishing attacks via social media are on the rise and India witnessed over 1.5 crore such cyber threats in the second quarter (Q2) this year, an average of more than 17.5 lakh attacks per day which were blocked by Norton Labs, the cyber-security company said on Tuesday.
In the April-June period, Norton thwarted over 900 million threats, or around 10 million threats per day globally. During that three month period, there were 22.6 million phishing attempts and 103.7 million file threats globally.
Globally, there were 302,000 mobile threats and 78,000 ransomware attacks, according to Norton Labs, NortonLifeLock's global research team.
"Threat actors use social media for phishing attacks because it's a low-effort and high return way to target billions of people around the world," said Darren Shou, head of technology, NortonLifeLock.
"As social media is intertwined in our daily lives, it's key to know how to spot the signs of a scam and keep a sharp eye on where requests for your information are coming from," he added.
The researchers uncovered the top tactics cybercriminals use to get victims to reveal personal information, and while classic login phishing pages are still the most common ploy, cybercriminals are finding new ways to deceive social media users.
Tactics include account lockouts which makes it seem that a victim's account has been locked due to "copyright violations".
Other tactics include luring victims to reveal login credentials or install malware on the promise of increasing follow count and prompting users to login to obtain, or not to lose, their verified status on the platform.
Another phishing campaign tactic aims to intercept temporary codes, to break into profiles with two-factor authentication enabled. "These tokens are generally tied to the victim's device and allow the scammer to perform privileged operations, such as modifying personal details or login credentials, the report mentioned.