Any company that tries to sell a product or service will experiment with several different approaches until they find one that is successful. Unfortunately, this same strategy is now being used by scammers to find the best content for a phishing email that will deliver a ransomware payload.
According to a recent NPR report, Facebook is one of their favorite testing grounds.
Have you seen posts on this platform with a photo of a wounded veteran or a happy dog with the caption “Can I get one like?” Did you follow the instructions of posts that tell you to look at a photo, then close your eyes and look at it again to see something different?
Any post that is not from one of your friends or family members, that attempts to elicit an emotional or sympathetic response, or that seeks to induce a click, may be generated by artificial intelligence (AI) to assess the level of engagement. Similar posts are now appearing on other sites as well, including Threads and LinkedIn.
One would hope that Facebook and other platforms would discourage such practices, but actually, the opposite is true. Many of these posts are promoted onto user feeds, where they can generate millions of interactions.
Where is the Risk?
There is no obvious financial motivation for these posts – they don’t solicit donations for a cause or to help someone in need. That may be why most view them as innocuous – a momentary distraction, and perhaps even one that will coax a “like” or a response.
But what these posts are doing is testing the limits of what people will believe to be authentic. It doesn’t take a computer genius to create AI-generated content on any topic or create photos of things that never happened. What will get someone’s attention? What will they accept as real?
Armed with the results of this “research,” scammers can gauge how far is too far to elicit the response they desire in a phishing email. Facebook offers a convenient opportunity to broadly test what people will believe or what attracts them, and those are the words and images that will be used in effective phishing scams.
There’s not much you can do about these posts – it will be up to the social media platforms to address them. But you can lower your likelihood of becoming a victim of one of these phishing emails by being more vigilant about every email you receive –even those that appear to come from someone you know.
How Organizations Can Lower Their Ransomware Risk
Companies and organizations with hundreds of thousands of employees are prime targets for ransomware, especially in industries such as financial services and healthcare. Too many people rely on the services they provide, which makes a ransomware payment more likely.
Every employee at these organizations is a potential phishing target. All it takes is one click from one work computer to deliver ransomware that will result in lawsuits, loss of reputation and public trust, and reparations that could total millions.
That is why forward-thinking organizations are investing in online privacy protection.
Phishing scams are fueled by information – about our families, our likes and dislikes, our travels, our political opinions, etc. All of this content is easily accessible online, and can be customized into phishing emails that seem authentic. Removing this personal information about your personnel will persuade scammers to look elsewhere for their next target.
With IronWall360, you can erase personal information about yourself and your employees from the vast expanse of the internet. Our suite of tools not only shields your personal information it also masks your phone number, email, and browsing history, providing you with comprehensive protection against unwanted surveillance.
Take charge of your digital life with IronWall360, where we prioritize your security and privacy above all else. Arm yourself with the most advanced online privacy solutions available and free up your personnel to browse, communicate, and interact online without fear.
Protect Your Organization Now
