Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

2/21/2017
12:30 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
100%
0%

Social Media Impersonators Drive Security Risk

A new pool of research digs into the fraudulent social media accounts, a growing threat to individuals and businesses.

The number of social media impersonators grew 11x between December 2014 and December 2016, a sign of a trend threatening businesses and individuals as fake accounts become easier to create.

This finding comes from new research by social media security firm ZeroFOX, which spent two years digging into impersonators using machine learning, natural language processing, image recognition, and other techniques to gauge similarities between fake and legitimate accounts.

"We were analyzing tactics and techniques, trying to understand their motives for performing different types of attacks," says Mike Raggo, chief research scientist at ZeroFOX.

ZeroFOX gained its insight from about 40,000 brand impersonators across six platforms: Facebook, Twitter, Instagram, LinkedIn, Google+, and Youtube. Nearly 1,000 were analyzed in depth; for some, researchers talked with criminals to learn about goals and methodologies.

Attacks span all platforms but are most popular on Facebook, Twitter, and Google+. Their goals vary, but most involve money. With phishing, Raggo explains, they could be seeking credit card information or social network data so they can hijack accounts and broaden their victim pool.

Impersonators employ several techniques: phishing, adware, malware, fraud, counterfeit merchandise, and "follow farming". Their habits are changing. In this research, Raggo explains, he was surprised to see an increase in impostors claiming to verify accounts.

"We saw a number of impersonators, across a number of different networks, exploiting the verification process," he says. Many claim to verify social media accounts for a price, and collect victims' credentials and credit card information in the process. The verification process varies across social platforms; some require fees and some don't.

Fake promoted ads are another trend to watch, he continues. Impostors create ads prompting users to click through to a malicious site. This was surprising, he continues, because social platforms typically require a vetting process for promoted ads. Impersonators can bypass the vetting process by using real brand logos and similar-looking merchandise.

The creation of successful fake accounts takes time and expertise. Many impersonators set up their accounts long before they attack, garner followers, then change their information before they weaponize the account. They continue adopting new names over time to avoid getting caught.

"We saw a lot of impersonator accounts were set up weeks or months in advance," says Raggo. "A lot of accounts had been set up for some time to build a following. Then they change multiple times, transcending multiple accounts or companies over time."

There are several ways impostors try to trick unsuspecting users. They employ link shortening so unsuspecting victims have no idea they're getting phished. They use cropped, flipped, or altered images from legitimate brands to make their false advertising seem real.

This research highlights an interesting challenge for businesses as they figure out how to stay secure in the age of social media. Most organizations are equipped to handle phishing, malicious links, and malware in email -- but how are they positioned to handle social media?

"This is more than a perimeter and endpoint issue," he says. "This is a problem within the cloud, outside the business networks." Perimeter and endpoint security can help squash some of these threats, but they can't tackle all attacks from social media impostors.

Businesses should be monitoring for impersonators, watching for instances of brand hijacking or ads selling counterfeit goods. Finding these accounts isn't easy; anyone can go out and use relevant social apps to create fake profiles.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Firms Improve Threat Detection but Face Increasingly Disruptive Attacks
Robert Lemos, Contributing Writer,  2/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8813
PUBLISHED: 2020-02-22
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
CVE-2020-9039
PUBLISHED: 2020-02-22
Couchbase Server 4.x and 5.x before 6.0.0 has Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).
CVE-2020-8860
PUBLISHED: 2020-02-22
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets. User interaction is required to exploit this vulnerability in that the target must answer a phone call. T...
CVE-2020-8861
PUBLISHED: 2020-02-22
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue ...
CVE-2020-8862
PUBLISHED: 2020-02-22
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from the ...