Social media
Summary
Attackers deliver phishing links via social media platforms such as LinkedIn, Facebook, and X, and via community platforms such as Reddit and Discord: essentially, anywhere an unknown sender can contact a user directly.
By nature, social media apps are typically accessed via personal accounts and are designed for communicating with people outside the organization, yet they are routinely used for work purposes and accessed from corporate devices. Because they straddle business and personal life, and because a direct message never passes through the corporate email security gateway, they are one of the easiest and least-monitored vectors for external attackers to reach corporate targets.
Users expect to engage with, and be contacted by, individuals outside the organization, so a message from a stranger carrying a link raises less suspicion than an unsolicited email would, increasing the likelihood of engagement with malicious links.
Examples
- Example 1: LinkedIn "dream job" lure used in the $540M Axie Infinity heist. North Korea's Lazarus Group approached a senior engineer at Sky Mavis (the developer of Axie Infinity) on LinkedIn with a fake job offer. After several rounds of fake interviews, the "offer" was delivered as a malware-laced PDF; opening it compromised the engineer's machine and gave the attackers the access used to drain $540M in cryptocurrency from the Ronin bridge.
- Example 2: Facebook/Meta support impersonation scam. Group-IB identified 3,200+ fake Facebook profiles in Feb–Mar 2023 impersonating Meta's support team. The scammers publicly posted urgent warnings tagging page owners (businesses, influencers, etc.), claiming the account would be blocked unless it was "verified." Each post linked to a phishing site mimicking the Facebook/Meta login page, so the lure reached targets through public tagging rather than a direct message.