Hundreds of Fake iPhone Accounts Spread Social Scams
Security experts have warned users not to fall for scams and malicious content being spread by hundreds of fake iPhone social media accounts set up to capitalize on Apple’s latest smartphone release.
ZeroFOX claimed its filters have detected a whopping 532 fraudulent accounts aimed at spreading malicious links, urging users to hand over personal information, and share content.
PII harvesting is one of the most common tactics, providing hackers with enough info to hack users’ accounts or commit follow-on fraud.
“Dozens of these sites had similar redirect chains: first directing a user to a blog site, then redirecting to a fake survey which prompts users to enter personal details in order to claim their ‘free iPhone’,” explained ZeroFOX.
“For an attacker, social media can be abused to create a variety of accounts to promote the same payload, increasing the surface area and total exposure of the attack. Moreover, linking and commenting between accounts can make them appear more trustworthy from the perspective of would-be victims.”
The promise of free iPhones is also being used to lure victims into clicking on malicious links, the firm warned.
So-called “fame farming” was highlighted as yet another social media scam to be aware of. Typically, fraudsters will create fake accounts purporting to represent major brands, so they can quickly amass large numbers of followers, likes and shares.
Once the fraudulent account has reached a certain level of popularity, it can be used to launch attacks and other scams or could even be sold on the cybercrime underground, according to ZeroFOX.
These new threats aren’t particularly revolutionary, but the high price tag of the new iPhone 8/X models coupled with the trustworthiness of Apple’s brand make them particularly dangerous to unwary netizens, the firm concluded.
It urged users to switch on two-factor authentication for social accounts, ensure AV is up to date on all devices, beware of unverified accounts, and avoid downloading apps or files from social media.
Source: Information Security Magazine