Social Media Phishing Scams

In the first six months of 2021, Social Media phishing attacks against businesses rose 47%. With more than 3 billion users globally, social media platforms will be an ever more tantalizing target for phishing attacks and other scams.

Part of what makes Social Media Phishing scams so effective for criminals, and so dangerous for individuals and organizations, is that the social media environment is one where we feel we are surrounded by friends and trusted associates, and where we are encouraged to share details of our lives and careers in real time. This relaxed environment makes it easier for cybercriminals to cultivate an error-prone mindset.

To counteract the growing threat of Social Media Phishing attacks, we need an optimal mix of security best practices and mindful awareness.

First, use the privacy controls on personal and business social media accounts to keep Personal Identifying Information out of public view. This includes information about your:

  1. Location
  2. Full name
  3. Contact Information
  4. Published posts
  5. Lists of friends, family, or business connections


Cybercriminals can and will use all of these things to increase the efficacy of their attacks.

Second, take what you have learned from the SLAM method and adapt it to the social media environment. SLAM stands for Sender, Links, Attachments, Message, and we’ve learned to look closely at each one of these components to gauge whether or not an email, text, or other message might be the bait in a phishing scam.

When it comes to the Sender, don’t accept message requests from outside your trusted network of friends or connections, and don’t accept friend requests from anyone you don’t actually know.

Do not click on any Links in social media posts, profiles, or messages unless you can see the full URL and be certain that the site is legitimate.

Never download or open Attachments from social media posts, profiles, or messages.

Look carefully at the body of any social media Message or post that you are interacting with.

If it feels off, contains misspellings, odd grammar, or even uncharacteristic emojis, you might be looking at a phishing attempt.

Be especially wary of messages that push you to take some urgent action.

The social media environment is here to stay, and with a few security best practices and a little awareness, it can be a safe, fun, and productive space for individuals and businesses alike.

Content credit: PII Protect
