In the context of World Social Media Day, celebrated on June 30, Kaspersky warns of fraudulent websites created to steal users’ personal data.
Kaspersky experts warn of a wave of scams using social engineering and phishing techniques on social media and messaging apps to steal credentials and distribute malware. Taking advantage of the popularity of platforms such as WhatsApp, Facebook, Instagram, X, Telegram, and TikTok, cyber attackers are creating fake pages that mimic legitimate websites and promise everything from account verification to benefits like free followers or premium features. This situation is especially worrying considering the high level of digital exposure users face today.
Over the past year, Kaspersky has identified multiple fraudulent campaigns employing sophisticated tactics and widely recognized platforms to execute their attacks. These scams operate in a variety of ways, but they all have a common goal: to obtain users’ credentials or install malicious software on their devices. Below are examples of such schemes.
Fake verification pages: Users were led to websites mimicking WhatsApp and other app’s official interfaces. These fraudulent pages ask users for their phone number and the verification code received via SMS. With this information, cyber attackers could access accounts, take full control, and perform actions such as impersonating them, sending messages in the victim’s name, or accessing confidential information.
In the context of World Social Media Day, celebrated on June 30, Kaspersky warns of fraudulent websites created to steal users’ personal data.
Kaspersky experts warn of a wave of scams using social engineering and phishing techniques on social media and messaging apps to steal credentials and distribute malware. Taking advantage of the popularity of platforms such as WhatsApp, Facebook, Instagram, X, Telegram, and TikTok, cyber attackers are creating fake pages that mimic legitimate websites and promise everything from account verification to benefits like free followers or premium features. This situation is especially worrying considering the high level of digital exposure users face today.
Over the past year, Kaspersky has identified multiple fraudulent campaigns employing sophisticated tactics and widely recognized platforms to execute their attacks. These scams operate in a variety of ways, but they all have a common goal: to obtain users’ credentials or install malicious software on their devices. Below are examples of such schemes.
Fake verification pages: Users were led to websites mimicking WhatsApp and other app’s official interfaces. These fraudulent pages ask users for their phone number and the verification code received via SMS. With this information, cyber attackers could access accounts, take full control, and perform actions such as impersonating them, sending messages in the victim’s name, or accessing confidential information.
In the context of World Social Media Day, celebrated on June 30, Kaspersky warns of fraudulent websites created to steal users’ personal data.
Kaspersky experts warn of a wave of scams using social engineering and phishing techniques on social media and messaging apps to steal credentials and distribute malware. Taking advantage of the popularity of platforms such as WhatsApp, Facebook, Instagram, X, Telegram, and TikTok, cyber attackers are creating fake pages that mimic legitimate websites and promise everything from account verification to benefits like free followers or premium features. This situation is especially worrying considering the high level of digital exposure users face today.
Over the past year, Kaspersky has identified multiple fraudulent campaigns employing sophisticated tactics and widely recognized platforms to execute their attacks. These scams operate in a variety of ways, but they all have a common goal: to obtain users’ credentials or install malicious software on their devices. Below are examples of such schemes.
Fake verification pages: Users were led to websites mimicking WhatsApp and other app’s official interfaces. These fraudulent pages ask users for their phone number and the verification code received via SMS. With this information, cyber attackers could access accounts, take full control, and perform actions such as impersonating them, sending messages in the victim’s name, or accessing confidential information.
Fake shops on TikTok: This social network has also been the target of targeted attacks, especially through its TikTok Shop feature, which allows sellers to directly associate products with posted videos, making them easier to purchase. Taking advantage of this functionality, cybercriminals created fake sites that simulate being part of TikTok Shop, with the aim of stealing sellers’ credentials.
Fake security notifications: Cybercriminals sent alerts pretending to be from Facebook and similar platforms’ security teams, warning of suspicious activity on the user’s account. Through these notifications, they directed victims to phishing forms requesting their credentials. Once entered, the attackers could take control of personal profiles or manage pages, using them for scams, spreading malicious content, or extortion.
These situations reflect the real risks associated with using social media: exposure of personal data, loss of control over accounts, dissemination of false information, and threats to privacy. Despite the increase in these types of threats, users are not defenseless. With increased awareness, good cybersecurity practices, and the use of reliable protection tools, it is possible to significantly reduce the risk of falling victim to these scams.
“Social media and communication apps have become a part of our lives, but with their popularity comes cyber risks. With the rise of artificial intelligence-based tools, scams can be more believable and personalized than ever. Therefore, it is key to maintain cybersecurity awareness, develop critical thinking, and use robust cybersecurity solutions,” comments Seifallah Jedidi, Head of Consumer Channel for META at Kaspersky.
In celebration of World Social Media Day, Kaspersky experts recommend the following practices to reduce risks:
• Don’t click on suspicious links, especially those promising unbelievable offers, benefits, or services. These often lead to phishing sites where sensitive information such as passwords or banking details is stolen. Always verify the authenticity of the sender and the content before clicking.
• Be careful what you share: Information like pet names, important dates, or locations can be used by cyber attackers to guess passwords or design personalized attacks. Avoid sharing travel plans, financial details, or overly personal information.
• Use strong passwords and two-factor authentication: Choose unique and complex passwords for each social network, combining capital letters, numbers, and symbols. Also, activate an extra security option that many platforms offer: after entering your password, you will receive a code to your phone or email to confirm it’s you. This way, even if someone figures out your password, they won’t be able to log in.
