Social media fraud is on the rise as cybercriminals have found a lucrative way to abuse corporate brands, according to report released this week by Proofpoint.
The study, which evaluated social media accounts of 10 global brands -- BMW, Capital One, Chanel, Amazon, DirecTV, Nike, Samsung, Shell, Sony, and Starbucks -- was conducted from April to June of 2016 and focused on major social media platforms including Facebook, Twitter, YouTube, and Instagram. Of the 4,840 social media accounts associated with the 10 top brands, an astounding 19% were fraudulent, Proofpoint found.
The research also revealed that 30% of the 902 fraudulent accounts were offers for counterfeit products and services, and 4% of these accounts were used for phishing for personally identifiable information (PII), malware, brand satire, and protest.
The findings from this report weren't surprising to Ray Kruck, vice president of marketing and business development for Proofpoint Social Media Protection, citing that this is part of a broader trend his firm has seen over the last few years. He believes the market will likely begin to draw a correlation between social media fraud and increased corporate spending on social media.
Brands are looking beyond Facebook and Twitter to Instagram as well, because of the visual and interactive features, says Kruck. “By expanding the accounts, they’re exposing their brands across more threat factors, [making it] easier [for fraudsters] to maybe hide among all of the accounts,” he says.
Not only is social media brand fraud increasing, but the types of attacks on these platforms are getting more advanced. There are fewer classic attacks that occur via a bad link. “It’s much more about trying to use fake accounts to sell counterfeit services; trying to lure in an executive or employees to give up sensitive info about the brand,” he says. Some of the attacks involve social engineering as well, he says.
Meantime, the fastest-growing social media threat is phishing, where fraudsters pose as legitimate brands: that increased 150% from 2015 to 2016, according to the report.
One of the major security issues with social media is how the technology works and how people are connected -- especially the sharing of posts, which is an integral part of social media. It’s easy for a fraudulent post or account to get away from the brand owner when you have friends of friends sharing information. As you move further away from the actual brands, Kruck says, the harder it is to get a handle on who or what started the original malicious post. “It’s easier to fool a user that is getting shared something that is three degrees of separation from your brand,” he says.
To that point, Akino Chikada, senior brand protection manager for MarkMonitor, says that impersonation accounts can also be hard to track down because fraudsters are able to open an account for a brief period of time, maybe just three hours. They collect the information or money they’re looking for, and then shut down the account in that short timeframe. It’s low risk for the fraudster because it’s hard to track, she says.
While social media brand fraud is quite prevalent, Kruck says brands are beginning to take a proactive stance. “We’re seeing brands buy technology to give them a head start to see these risks,” he says. “[Brands are] being much more vigilant, especially with retail brands when they know that search engine optimization can be affected,”
They’re proactively contacting Facebook after identifying or having a customer identify a fraudulent account or post, he says. “They’re not just letting it sit there and fester.”
- Anatomy Of A Social Media Attack
- How To Prepare For A Data Breach
- The Real Reason Phishing Works So Well