03:00 PM

Social Media Fraud Spikes, Study Finds

Nearly 20% of social media accounts associated with ten major global brands are fraudulent.

Social media fraud is on the rise as cybercriminals have found a lucrative way to abuse corporate brands, according to a report released this week by Proofpoint.

The study, which evaluated social media accounts of 10 global brands -- BMW, Capital One, Chanel, Amazon, DirecTV, Nike, Samsung, Shell, Sony, and Starbucks -- was conducted from April to June of 2016 and focused on major social media platforms including Facebook, Twitter, YouTube, and Instagram. Of the 4,840 social media accounts associated with the 10 top brands, an astounding 19% were fraudulent, Proofpoint found.

The research also revealed that 30% of the 902 fraudulent accounts were offers for counterfeit products and services, and 4% of these accounts were used for phishing for personally identifiable information (PII), malware, brand satire, and protest. 

The findings from this report weren't surprising to Ray Kruck, vice president of marketing and business development for Proofpoint Social Media Protection, who says this is part of a broader trend his firm has seen over the last few years. He believes the market will likely begin to draw a correlation between social media fraud and increased corporate spending on social media.

Brands are looking beyond Facebook and Twitter to Instagram as well, because of the visual and interactive features, says Kruck. “By expanding the accounts, they’re exposing their brands across more threat factors, [making it] easier [for fraudsters] to maybe hide among all of the accounts,” he says.

Not only is social media brand fraud increasing, but the types of attacks on these platforms are getting more advanced. There are fewer classic attacks that occur via a bad link. “It’s much more about trying to use fake accounts to sell counterfeit services; trying to lure in an executive or employees to give up sensitive info about the brand,” he says. Some of the attacks involve social engineering as well, he says.

Meantime, the fastest-growing social media threat is phishing, where fraudsters pose as legitimate brands: that increased 150% from 2015 to 2016, according to the report.

One of the major security issues with social media is how the technology works and how people are connected -- especially the sharing of posts, which is an integral part of social media. It’s easy for a fraudulent post or account to get away from the brand owner when you have friends of friends sharing information. The further you move away from the actual brands, Kruck says, the harder it is to get a handle on who or what started the original malicious post. “It’s easier to fool a user that is getting shared something that is three degrees of separation from your brand,” he says.

To that point, Akino Chikada, senior brand protection manager for MarkMonitor, says that impersonation accounts can also be hard to track down because fraudsters are able to open an account for a brief period of time, maybe just three hours. They collect the information or money they’re looking for, and then shut down the account in that short timeframe. It’s low risk for the fraudster because it’s hard to track, she says.

While social media brand fraud is quite prevalent, Kruck says brands are beginning to take a proactive stance. “We’re seeing brands buy technology to give them a head start to see these risks,” he says. “[Brands are] being much more vigilant, especially with retail brands when they know that search engine optimization can be affected.”

They’re proactively contacting Facebook after identifying or having a customer identify a fraudulent account or post, he says. “They’re not just letting it sit there and fester.” 

Emily Johnson is the digital content editor for InformationWeek. Prior to this role, Emily worked within UBM America's technology group as an associate editor on their content marketing team. Emily started her career at UBM in 2011 and spent four and a half years in content ...