Social media phishing attacks jumped by a massive 500% in Q4, driven by a huge increase in fraudulent accounts, including many posing as customer support for big-name brands, according to Proofpoint.
The security vendor revealed the findings in its Q4 2016 Threat Summary and Year in Review report.
It claimed fraudulent accounts across sites like Twitter and Facebook increased 100% from the third to fourth quarter.
Such accounts are used for phishing, malware distribution, spam and other ends. In fact, Proofpoint observed a 20% increase in Facebook and Twitter spam from Q3 to Q4, with the quarter recording the second-highest spam volume of the year.
Yet it was a particular variety of phishing that caught the eye.
So-called “angler phishing” is a relatively new tactic in which the black hats register fake Twitter accounts that masquerade as customer support accounts.
They monitor the real support accounts for messages from irate customers and then quickly jump in, replying to those users with messages loaded with malicious links.
The tactic was particularly common among financial services and entertainment accounts, according to the report.
Elsewhere, the number of new ransomware variants grew 30-fold over Q4, and malicious email campaigns grew significantly, with Q4's largest campaign 6.7 times the size of Q3's.
Some of the biggest campaigns apparently involved hundreds of millions of messages dropping Locky ransomware.
However, there was some good news, with scams involving the spoofing of CEO emails sent to CFOs falling 28% in the final quarter.
This is partly because CFOs are more cautious about the veracity of such messages, but can also be linked to a 33% surge in DMARC implementation, which helped to block attempts to spoof the CEO’s email address.
In addition, exploit kits remained at low levels of activity after some high-profile Angler EK arrests in Q2, although large-scale malvertising campaigns persisted, Proofpoint claimed.