Freely subscribe to our NEWSLETTER

“This is an example of “old phishers learning new tricks”. When you receive a DM within a service, there is a sense of community or legitimacy that comes with it, which gives the attackers a better chance of catching their target off guard. It is therefore crucial that all online activities are scrutinised by users, not just the more typical attack vectors such as email.

Whenever you are presented with something giving you pressure of time or indicating that you may lose access to something of value, always pause and check via an independent means whether this insinuation could be correct or if it is simply trying to trick you. Be sure that you control who is able to send you direct messages, and that any other security features are enabled, such as multi-factor authentication. Usual best practice applies too in terms of never reusing a password between platforms, and always using a password manager to generate and store secure passwords.

Sadly, the tools and techniques used by attackers never weaken, they only grow stronger, so this growth in phishing attacks across multiple services isn’t surprising. It is also a big problem for SMS messages and other forms of IM/DM. As industry specialists, we are working with various key vendors to help them build better phishing protection into their products and services – this will eventually provide much broader and deeper protection for users, but as with all of cybersecurity, this is an arms race and there is sadly no end to criminal misuse of online services in sight.

For organisations, ensure that you are regularly training your users so that they are aware of new attack techniques such as this. By protecting your staff in their personal lives as well as in their work, you will gain much stronger and more capable assets for your organisation. Back up such security awareness training with regular phishing simulations, to ensure that the messages are truly hitting home.”