Threat Intelligence Blog

Posted January 7, 2016



By Olga Polishchuk

Social media platforms have quickly grown into global communities and a pop culture phenomenon. However, they’re also becoming more popular among bad actors seeking to take advantage of users’ trust, impulsiveness, and naïveté to create fake social media accounts. More than just a nuisance, imposter accounts can seriously affect your personal or organization’s brand and reputation.

Instagram, Twitter, and Facebook are all rife with imposter accounts. In the age of the Twitter feud, no one wants to get caught in the middle of a fight because of something they didn’t say, or be attributed to advocating for something in which they don’t believe. Or, worst-case scenario, to be the subject of online harassment and hate speech due to something posted on a fake account. Celebrities who have fallen victim to fake Instagram and Twitter accounts include Rihanna, William Shatner, Kristen Stewart, Ed Sheeran and Nick Saban. Well-known brands like Tiffany & Co have also dealt with this on Facebook.

One of the questions we often get from clients is, “Why are people doing this? What do they have to gain?” Some impersonators create fake accounts simply to increase their number of followers, which is what happened to the brand Michael Kors when scammers offered free gift cards to the first 8,000 followers of the false account. Other imposters have more nefarious motives. In the case of Ghanaian actress Nadia Buari, a fake Instagram account using her name, identity, and status was used to bilk funds from fans. However, often times scammers create fake accounts so they can gather information about their followers to create more elaborate fraud and social engineering schemes for the future. Once they’ve built up an audience, they will see the account to fellow criminals, giving them access to the followers’ personal details, friends lists, and more. All of this information can be used to compromise banking or corporate accounts.

Imposter social media accounts can also be a tip off to bigger phishing and fraud schemes already underway. For instance, scammers can prey on Facebook users by creating fake pages associated with Facebook apps or games and requesting personal or account information; offering to sell game credits, digital goods, or “coins” at a discounted price; promoting other fake campaigns; or offering goods for free in exchange for personal information.

Online impersonators serve as a caution about the risks of brand infringement and oversharing on social media. Fake profiles can misrepresent businesses or post defamatory remarks that can tarnish a brand’s name. Organizations that do not continuously monitor their online brand presence are at risk of such impersonation. High-level executives can also face the same issues as they are often targeted for fake accounts. In one instance, a high-ranking military officer discovered more than 700 fake LinkedIn profiles that were using his name and photo to lure people into connecting with the impersonators. The goal was to gain access to confidential information from legitimate connections, or in some instances, to defraud victims who were tricked into thinking that they were in a long-distance online relationship with him.

Until social media platforms can find a way to efficiently prevent and delete fake accounts, one of the best ways to be proactive about this risk is to prevent the misuse of the brand through education and training of your employees, as well as consistent monitoring of your company’s brand and your personal accounts. An overall good social media practice is to remain vigilant about your social media activities, stay abreast of ever-changing social media privacy settings, and avoid re-using the same password across multiple sites.

Contact us to learn more about our brand detection services to protect your brand and image.

Additional Posts

Weekly Phishing Report – January 11, 2016

Phishing Report: Top Targets Week of January 3 - 9, 2016 Author: Robert McDaniel In this week's ...

Cyveillance Weekly Threat Intelligence Brief: January 5, 2016

We publish this weekly threat intelligence brief keep you informed on the latest security ...