Threat Intelligence Blog

Posted August 15, 2018

How many of you open a social media app within an hour of waking up? I’m guessing many of you, as there are currently more than two billion social media users in the world, and that number is likely to hit almost three billion by 2020. Whether it’s checking the news, keeping in touch with family and friends, or for business – the majority of us are using social media as an integral part of our daily lives.

Almost universal use of social media platforms makes it a prime medium for business communication. However, it also opens your organization up to potential brand violations, fraud, and impersonation. To illustrate the magnitude of the threat… In January 2018, it was reported that there were 48 million fake Twitter profiles, making up 15% of their overall accounts, and in late 2017 Facebook informed investors of 60 million fake profiles. These fake accounts can defraud businesses, ruin reputations, and cost organizations millions in damages.

Recently, we’ve seen more cases of organizations battling social media fraud making headlines.  TSB Bank in the UK was hit with an outage in July of this year leaving thousands of customers locked out of their accounts. As a result, these customers turned to social media to voice their complaints. The problem? This made them easily identifiable by scammers who impersonated the bank by sending them direct messages and emails asking them to provide confidential account information. In many cases, their social engineering tactics paid off, and they were able to get TSB customers to give up personally identifiable information and banking credentials.

TSB Bank’s CEO reported attempted fraud spiked to 70 times the normal level following the outage with 1,300 customers reported having money stolen from their accounts. Customers reporting phishing attempts increased over 1800% compared to the previous month. Their parent company claims the incident has already cost the organization $93 million.

This is just one of many cases in which social media is being leveraged in brand abuse.

Fraudsters are increasingly shifting their focus to  , instead of targeting online banking systems. As the use of social media and data sharing by consumers increase, their susceptibility to fraud increases as well. It’s no surprise that identity fraud has increased in recent years to an all-time high.

 

How can you protect yourself and your organization from social media fraud?

Using social networks comes with risk. Those who use social media have a 46% higher risk in account takeover fraud. What can you do to protect yourself and your organization from brand violations and identity fraud?

  1. Password Hygiene – Regularly update passwords ensuring that they are strong and unique. This will help defend your accounts from fraudsters trying to use your account to scam others for their personal information or acquire yours off of your account.
  2. Report Fraud – Whether it’s your personal or business account, be sure to report fraud as soon as it happens to ensure that these accounts are taken down. A compromised business account makes it that much easier for your corporate network to be breached.
  3. Beware of Phishing on Social Media – Phishing on social media has been so effective that 66% of spear phishing attacks on social media sites are being opened by their targets, compared to 30% of spear phishing via email. Before clicking any links, ensure that you are talking to the company or person you are intending to talk. Many brands have verified social accounts, but if they don’t or you want to be extra careful you are communciating with their official page, navigate to their website and click on their social links from there.
  4. Monitor Your Brand – Monitoring your brand is the best way to ensure your online reputation stays secured. While this can be a costly, time-intensive process that, depending on the size of your security team, could fall to the wayside, investing in monitoring now will prevent paying the price in the future.

Social media can be a key business tool, if handled correctly. Brand and reputation threats are often overlooked in favor of more traditional security threats. However, losing brand credibility can have a similar impact to your organization as a data breach. LookingGlass’ Brand Security-as-a-Service is a managed service that continuously monitors for real-time indicators of social media fraud, as well as monitoring of a plethora of open source sites that companies only monitoring social media might miss. In addition, you can tap into LookingGlass’ security expertise and longstanding relationships with Internet Service Providers and partner companies to quickly and effectively remove offending or malicious content, keeping your organization, your customers, and your brand safe. If you want to get on the right side of brand fraud, contact us.

Additional Posts

Deep or Dark Web?

Have questions about the differences about the deep or dark web, differences and challenges? An ...

You’re Only as Strong as Your Weakest Third Party

Are your third party vendors a ticking time bomb? Outsourcing corporate data management to third ...