Phishing for Information- Part 2

Previously we touched on how emails can be a hotspot for cybercriminal activity. As we continue to be more innovative with our technology, scammers have gotten more creative with phishing schemes, causing scams to pop up on other platforms, specifically social media. 

What is Social Media Phishing?

Out of the 7.7 billion people and counting in this world, 3.5 billion are on social media. With so many users out there, hackers and scammers are turning to social networking sites such as Facebook, Twitter and Instagram to obtain sensitive personal information from vulnerable individuals. 

Scammers love social media. 

Unlike emails, social accounts are not overrun by marketing messages or spam. Social media is a more trusted environment for users, leaving them more likely to interact with someone they don’t know, or click on something they probably should not have. The younger the user, the more likely they are to be targeted.

Let’s look at the facts...

Due to the vast number of users online, the number of social media attacks has skyrocketed since 2017.

  • Social media phishing has jumped 500%
  • 20% increase in social media attacks on Facebook and Twitter
  • 100% increase in fraudulent social accounts
  • 150% increase in phishing attempts on social media

Common Social Media Scams

There are a large number of hoaxes used on social networking sites to swindle information or money from users. Here are the most common ones:

Sugar Baby

If it sounds gross, it probably is. Yes, we did say “Sugar Baby,” and yes, these relationships are usually sexual. This particular scheme is used by scammers on all platforms, but more often than not it is found on Instagram. The scam begins with users (typically men) reaching out to (typically younger) women and offering to pay off credit card debt or student loans, or to gift money, in return for a companion.

Once the individual agrees, they receive compensation in their accounts from “the Sugar Daddy.” Icky, we know! The Sugar Daddy usually asks the Sugar Baby to purchase gift cards and send the codes. When the codes are received, the gift cards are drained of funds. The Sugar Daddy then disappears with his money, leaving you responsible for the original balance and the new gift card balance.

If someone refuses to cooperate, it can result in blackmail, sextortion, and/or abusive and threatening messages from your new “friend.” 

Social Fishing

Direct messages are at the center of some of the more dangerous phishing schemes due to the ability to accept direct messages from anyone, including strangers. The messages delivered often contain a link partnered with information to coax you into visiting that URL. 

After clicking on the link, you are lured to a site that either requests your personal information or infects your device with malware. The word malware is a combination of two words, malicious and software. It is an umbrella term that describes any program or code that is harmful to systems.

Once the malware has entered the bloodstream of your electronics, it dispatches messages containing the link you originally clicked on to your followers or contacts. Since the message comes from someone they know, the URL is more likely to be clicked on, repeating this vicious cycle.


Common advertisements that generally appear hidden between posts throughout your Facebook feed invite the user to participate in a quiz. With catchy headlines such as “If you were a dog, what breed would you be?” or “What does your favorite color say about your future?” it’s hard to resist the click. 

While you are busy determining which Hogwarts House you belong in, you are dispensing information from your profile to third party developers who use your data to sell your information on the sly or attempt to persuade you to purchase something.


As you scroll past quizzes you have now learned to avoid, you may be trapped into clicking on a clickbait campaign. Scammers put a great deal of time into making sure these campaigns have an alluring effect on users. They often use scandalous headlines, viral videos or increasingly popular news articles.

Within one click, you are taken to a fake screen asking you to log into your social media account once more to access the article you’re just dying to read. When the information has been entered, hackers gain access to your login credentials and profile material.

How can you avoid the con that is Social Media Phishing?

A breach of your social accounts is difficult to prevent, but there are measures you can take to limit the damage.

  • Limit what you share- Restricting the amount of information put online about yourself gives scammers less opportunity to steal sensitive data. On a majority of platforms, only certain elements need to be filled in. Anything optional should remain optional. 
  • Two-factor authentication- As discussed previously in SGS’ Phishing for Information Part 1, using two-factor authentication requires an account connected to your email or phone number. When logging in, you will have to enter a code received from one of those two places. This is a simple way to prevent someone who shouldn’t have access from getting to your details.
  • When in doubt, continue to doubt- Trust is earned, and online it should be harder to earn. Content may be coming from someone you know, but that doesn’t mean it is believable.
  • Awareness- If you notice a scam going around online, share it with your followers. Keeping online safe for everyone should be a top priority.

What can you do if you fall for a Social Media Phishing Scheme?

Similar to the steps you would take if you fell for an email scam, you must act as soon as possible to help preserve your privacy.

  • Shutdown- Turn off the computer or handheld device you are using. If it is not turned on, you can stop hackers from getting into the hardware. 
  • Change Passwords- Using a different computer or electronic device, log into social media accounts, email accounts and bank accounts. Once you’re logged in, change the passwords. Make each password a difficult combination of numbers, letters, symbols and random capitalization. Don’t forget to write it down and keep the log in a safe place.
  • Alert- Notify your bank and credit card companies, but don’t stop there. Contact tech support on the social sites you inhabit so they can protect your personal information and prevent this from happening to others. 

This information does not guarantee online safety and is provided as a courtesy of Smart Gen Society.  SGS is not legally responsible for your family's digital planning or safety.