Phish Bait – Art of baiting

November 29, 2017
Phishing solutions

Clickbait Scam

Getting tricked is the classic way of how criminals try to take advantage of people they want to steal from, and click baiting is one of the cyber classics to do it. With accompanied technical knowledge the success rate of hackers and criminals has shoot up and they became more productive and active on doing it.

People has to be more careful when it comes to clickbait, because it has been socially engineered to improve their success on someone clicking a scam link leading to a scam site by spamming both generic and personalized email. Personalizing click bait email has a higher success rate, but now that people are also more aware of it the success rate of course was lessened, however criminals found an alternative way to spread click bait for their phishing activities.

Social Media Clickbait

Spear phishing still has a high percentage rate of success which clickbait method falls into. Now that the social media platform has become more popular these days, criminals are taking advantage of it to look for their prey.

It is somehow a phenomenon that people these days are more trusting to social media outlets such as Facebook, and Twitter. One proof is that most fake news articles were propagated through these social media platforms where catchy and interesting phrases, and headlines were used to lure people and click the link to be taken to a site which hosts a fake content.

Criminals now use social media platforms and spread their activities through clickbait by handcrafting catchy tweets and posts by manually looking for targets. But it is also possible to hunt their targets with specific profiles such as titles with CEOs and other executive positions, or by looking into people who are active users by writing a program that could data mine users’ tweets and posts by doing a search on the whole website. Hashtags in social media platform are filterable and searchable, through these they can be mined into raw data to be analyzed and become a potential target.

It is also possible that mined data can be used to feed it to a machine learning system to generate tweets or posts that would more likely get the attention of group of people to retweet/repost it or click the link within the tweet/post. Imagine an AI that can create viral posts and tweets.

Combining the techniques above through profiling and socially engineering posts and tweets, criminals could potentially become more productive and rampant as ever to be used for phishing and scam attacks.

See the photo blow:

Phish Bait - Art of baiting

What to do?

Most likely, sophisticated attacks such as mentioned above targets the elites and gullible enough to click on a phishing link. Fodder targets are those people who spread through retweets and reposts in order to make a certain click bait post popular.

Since the attacks are sophisticated, a sophisticated phishing solution must be used to counter and mitigate such attacks. Having a team/department equipped with Phishing intelligence and Anti Phishing solution strategies will be a big help in battling the more immersive threat of in the cyber landscape.

About the author

Leave a Reply