Quick tests, which are often shared by friends on Facebook, can hide phishing scams and steal data from users. The new scam method was confirmed by cybersecurity company Akamai Technologies last week, in a report prepared by researcher Or Katz.
READ: The ten most common types of phishing
The research team monitored 689 fraudulent social media campaigns, which misused the names of 78 companies to capture user data. Criminals lure victims with short quizzes in order to steal personal information, such as e-mail, home address and phone number. Despite not being a new practice, the study shows that the threat is being reinvented and, consequently, becoming increasingly dangerous.
Rapid tests shared on Facebook may contain phishing Photo: Divulgao / Kaspersky Lab
Want to buy cell phones, TV and other discounted products? Meet Compare TechTudo
How the phishing scam works
Phishing is an English term that refers to fishing. For this reason, the name is given to the scam that uses technological baits to hook inattentive users and collect their personal information. In the campaigns analyzed by the researcher Katz team, the victims were invited to answer the tests out of curiosity or for the promise of gifts at the end of the questionnaire. After the questions, personal data was requested to complete the form.
To inspire credibility, phishing campaigns use tactics that researchers have called "phishing kits". Criminals create websites with logos and brands from famous companies, use fake profiles to legitimize and publicize tests on social networks, among other strategies.
A sample of the screens reveals that there was also an aesthetic standard on the sites that participated in the scheme Photo: Reproduo / Akamai Technologies
The study also identified a high rate of sharing of these tests on social networks, which provides an increase in the number of victims of the scam. They found that the calls to participate in the tests have a sense of urgency, such as, for example, stating that the prize is limited and that it is necessary to respond soon to guarantee the gift.
How to protect yourself from the scam
Phishing campaigns are varied and are present on the Internet in different ways, such as payment collection emails or fake websites that pass through authentic online portals. However, there are some simple measures to avoid being a victim of this type of crime. One of them must be very careful before clicking on any link, especially when the test call has an alarmist tone.
Also, be wary of tests that promise discounts, awards or other types of benefits. If the name of a brand you trust appears, it is worth checking if the promotion really exists on the website or on the company's official social networks.
Any suggestion of an anti phishing free? Exchange tips in the TechTudo forum.
What ransomware: five tips to protect yourself