Categories of Social Media Attacks Based on Account Types

In social media platforms, attackers use to gather personal information of the user’s through various source. Attackers always look for the root to enter into a user’s account and gather personal credentials. The way the attacker gathers information is based on the user’s account and its type. Based on the usage and attack type, all these threats are categorised into different types. Below-mentioned example shows how these threats are affecting social network users:

  • Social media threats are surging: The number of fake accounts is increasing day by day and growing more than 300% from Q1 to Q2 in 2019 according to the report from Proofpoint. The process of spreading malicious content through fake account is quite different from others. The attacker always tries to gather personal information of the user by sending malicious links from trusted source. But these sources are not trusted. All these accounts are created by the attacker by collecting personal information of the user from the same or different networks (Liu, Wang, Zhang, Chen, & Xiang, 2017).
  • Family member phished on Twitter: In March 2017, one Twitter threat was detected in the form of phishing attack and targeted more than 10,000 people. One of them is an employee of US defence. Her wife operated the Twitter accounts, and through this, the attacker targeted her husband’s account by sending malicious links.

Categories of Online Social Media Attacks

The categories of social network attacks are based on the behaviour and way of hampering the user. All these categories are described next:

  • Impersonation attack (individual): The impersonation attack is also called profile cloning attack. This threat uses various fake accounts to hamper other users by stealing their personal information. Through this process, the attacker sends some malicious links to the user. When the user clicks on those links, they are redirected to other pages. This process is also used to spy other account in same or in different networks. One of the examples is the Russian government that monitored and controlled the activities of different social network accounts of the French president Emmanuel Macron.
  • Impersonation attack (brand): In some cases, attackers try to gather information of any industries or companies by sending malicious information to the group. By this activity, the attacker creates fake accounts in the name of customer support and spreads malicious links. When a user on the same or different network complains regarding any issue, they try to offer helps and leading the victim to danger (Agrawal, Wang, Sahoo, & Gupta, 2019).
  • Manipulation: To reach to the user and gather credential of those users, attackers try to send inflated clicks, likes, and shares through fake accounts. These activities encourage social network to prioritise these information and contents over other useful contents. Through this, the reputation of the fake account increases and the account holder easily gathers personal content.
  • Bots: Hackers always try to get shortcut methods to gain the user credential. The process of creating bot account is one of them. Sometimes these bots are human created and sometimes controlled by the systems called system-generated bot. The bot spreads automatically when someone clicks on this first time. The bot is also known as click fraud scam. Using this, the malicious content doubled every time and spread over the same or in different networks. Most of the time, the attacker also uses this to hijack accounts and infect them. Also, to stealing user credential, this method is widely used by the attackers over social platform.
  • Reconnaissance and spying: Nowadays huge information is available on social network platform. Based on the style of the network and account type, the information are spread by the user - information such as approximate work, working schedule, friends, contacts, family details, interest, hobbies, work history, and other details too. The intruder always tries to attack different people over the net through various ways (Varshney, Misra, & Atrey, 2017).

One of the most dangerous attacks is called spying. By this process, the attacker always follows the user over the network. A rich profile appears prepared for the attacker to use when creating malicious messages intending to tempt the person to click or share.

Malicious links (phishing and malware): Threats like phishing and malware on online social network behave similarly due to the usage of external link. The phishing links redirect the user to a malicious website. The behaviour of the spam either impersonates a specific brand to trick the user into entering login information or attempt to harm users’ credentials. Also, these threats steal personal information of the user and gather the user’s credential. Similar to phishing, malware also links to a malicious website. However, these threats can alternatively encourage users to download the payload via direct messages.

/ Link spreading techniques: Most of the time, these links are spread through external links and malicious websites. The information can be broadcasted through various ways:

  • Shared content: If a user’s account is hacked, the attacker uses it to spread the attack to the victims contact through shared content. This information is visible to the user account in a pop-up box. Shared content information are very dangerous for the normal users because of their awareness and system setting.
  • Comments: An attacker always tries to inject malicious content into popular conversation, often by replaying to some comments through hashtags. This the best w'ay for the attacker to conduct malicious activities is by replying to the specific person as w'ell.
  • Direct message service: It is one of the prominent features provided by the service provider to the social network users. By this feature, the user sends direct messages and reply to the other users in the same or in different networks. Basically, the user can send messages to the followers and friends in social platform.
  • Spear phishing and tailored attacks: One of the most sophisticated w'ays of cyberattack is called spear phishing attack. This type of attack can be done in every channel in social network platforms to hamper user credentials and account information. The hackers are improving the way of hacking using various tactics. They create a link cloaking principle to spread malicious information as links (Williams, Hinds, & Joinson, 2018).
 
Source
< Prev   CONTENTS   Source   Next >