Cybercriminals shift focus to social media as attacks reach historic highs

A new report from Gen highlights a sharp rise in online threats, capping off a record-breaking 2024. Between October and December alone, 2.55 billion cyber threats were blocked – an astonishing rate of 321 per second.

The risk of encountering a threat climbed to 27.7% in Q4, with social engineering attacks accounting for 86% of all blocked threats. This underscores the increasingly sophisticated psychological tactics cybercriminals are using to deceive victims.

“We’re continuing to see scam-related threats becoming far more dangerous as they hide, sometimes in plain sight, throughout every aspect of our digital life,” said Siggi Stefnisson, Cyber Safety CTO at Gen. “This quarter we saw them prey on people’s emotions, such as the need to shop on budget during the holidays, the desire to find love during the end of the year, the hope for change during government elections and more. And, unfortunately, this is resulting in people continuing to lose money and control over their personal information. In 2025 we only expect these risks to increase as the rise of AI-powered systems and devices will mark the next frontier for cybercrime.”

The dark side of social media

Phishing attacks surged by 14% in Q4 2024, with cybercriminals exploiting website-building platforms like Wix to create convincing fake sites and spoofing brands like Apple iCloud through fraudulent invoice scams. Malvertising also remained a dominant attack vector, accounting for 41% of all blocked threats in the quarter, fueling scams and malware distribution.

Social media platforms remained prime targets for attacks as 2024 drew close. Facebook led the pack, responsible for 56% of all identified social media threats. YouTube followed at 24%, while X accounted for 10%, with Reddit and Instagram each representing 3%. On messaging platforms, Telegram emerged as a high-risk environment—despite WhatsApp’s more extensive user base, Telegram saw six times more cyber threats. Scammers increasingly exploit the platform’s enhanced privacy features, making their activities more difficult for authorities to track.

The ways that scammers use social media vary with different people and use cases for the platforms. Researchers found that the main ways people were scammed across social media were:

• Deceptive online ads (Malvertising) (27%): These deceptive ads spread malicious software onto the device being used or redirected people to malicious websites that can do the same.
• Fake e-shops (23%): People are lured by fraudulent online stores, also exposing personal and financial data.
• Phishing (18%): Scams aimed at stealing sensitive information like credit card numbers or passwords.

Social media is quickly turning into a playground for scammers to leverage platform algorithms, AI, and personalized interactions to scale their attacks faster and more effectively than ever before.

Surge in financial scams

October through December marked the year’s most active quarter for financial scams, with mobile phones serving as a primary attack vector. Leading this trend were:

The largest deepfake crypto scam: The infamous CryptoCore group, known for hijacking YouTube accounts to promote their crypto scam campaigns, capitalized on the US Presidential Election. They used deepfake videos featuring figures like Elon Musk to steal over $7 million from its victims. This marked the largest attack of its kind.

Mobile banking trojans: New mobile bankers, phone applications designed to steal banking information, launched in Q4/2024. This included DroidBot which used remote access capabilities to go after banking details and crypto wallets. Another was ToxicPanda that disguised itself as Visa, dating apps and Chrome. The well-known BankBot banker saw infections rise by 236% compared to Q3/2024.

Spyware and SpyLoans: Malicious apps promising quick money with high interest rates and predatory repayment schedules also surged this quarter. Once installed, these apps request access to SMS messages, photos and other sensitive information, allowing them to spy on the victim. After a few weeks, the victim faces extortion and threats of their private data being published unless they pay the cybercriminals. A new spyware strain disguised as a body mass index (BMI) calculator spread via the Amazon App Store, a novel distribution tactic reflecting the rising number of official Android app stores.

Personal data

Personal data loss continued to pose a high risk of identity theft and loss of privacy for consumers. Scam yourself attacks, such as ClickFix and FakeCaptcha, grew rapidly. In Q4, Gen blocked attacks targeting 4.2 million individuals, a 130% increase from the previous quarter. These campaigns use psychological manipulation to deceive people into copying and executing malicious code, potentially leading to financial fraud, account takeovers or malware infections.