In the first six months of 2021, social media phishing attacks against businesses rose 47% and with more than 3 billion users globally, social media platforms will be an ever more tantalizing target for phishing attacks and other scams. Part of what makes social media phishing scams so effective for criminals, and so dangerous for individuals and organizations, is that the social media environment is one where we feel we are surrounded by friends and trusted associates – where we are encouraged to share details of our lives and careers in real time.

This relaxed environment makes it easier for cybercriminals to cultivate an error prone mindset. To counteract the growing threat of social media phishing attacks, we need an optimal mix of security best-practices and mindful awareness. First, use the privacy controls on personal and business social media accounts to keep Personal Identifying Information out of public view. This includes information about your:  

• Location 
• Full name 
• Contact information 
• Published posts 
• Lists of friends, family, or business connections 

Cybercriminals can and will use all of these things to increase the efficacy of their attacks. Second, take what you have learned from SLAM method and adapt it to the social media environment. SLAM stands for:  

• SENDER 
• LINKS 
• ATTACHMENTS 
• MESSAGE 

And we’ve learned to look closely at each one of these components in order to gauge whether or not an email, text or other message might be the bait in a phishing scam. When it comes to the Sender, don’t accept message requests from outside your trusted network of friends or connections and don’t accept friend requests from anyone you don’t actually know.

Do not click on any Links in social media posts, profiles or messages unless you can see the full URL and be certain that the site is legitimate. 

Never download or open attachments from social media posts, profiles or messages.

Look carefully at the body of any social media message or post that you are interacting with. If it feels off, contains misspellings, odd grammar or even uncharacteristic emojis, you might be looking at a phishing attempt. Be especially wary of messages that push you to take some urgent action or another. The social media environment is here to stay and with a few security best-practices and a little awareness, it can be a safe, fun and productive space for individuals and businesses alike.