Cyber crime has reached a new battlefield – social media platforms. Just as companies seek new opportunities to reach their target audience, so do cyber criminals. According to Proofpoint’s recent Social Media Brand Fraud Report, 19% of the 4,840 social media accounts associated with ten top worldwide brands were fraudulent.
Identikit fraudulent social media accounts
Carefully crafted, bogus accounts can be difficult to distinguish from legitimate ones. They replicate the brand account as much as they can, mimicking the logo, look and feel, and even content. The only difference is in what they propose to the audience: customer service at odd times, discounts, free gifts, and deals that are too good to be true. As the report says, ‘the only difference might be something as small as one character in the Twitter handle, such as @askmajorbank vs. @ask_majorbank’.
Although social media platforms like Facebook, Twitter and Instagram have implemented an account verification service – the blue checkmark badge next to the account name – cyber criminals have become even smarter and can replicate the badge in their background image to fool customers. However effective account verification is, it doesn’t extend to posts or tweets and fraudsters know this all too well.
The 7 different types of fraudulent accounts
The research identified 7 different types of bogus accounts:
- Phishing accounts
These bogus accounts are replicas of official brand products and customer support accounts. They trick customers and users into revealing their account login credentials, credit card numbers and other sensitive information that will later be used to steal money. This kind of scam is known as angler phishing. Read more in this post >>
- Malware accounts
These invite users and customers to click seemingly innocuous links that actually infect their devices with malware and ransomware. Fraudsters aim to obtain information stored on users’ devices in order to sell that information on the black market or even keep devices hostage in exchange for a ransom.
Through promotions and discounts, which are usually too good to be real, fraudsters collect the credit card numbers of inattentive users and customers whose greed blinds their ability to recognize that the deal is actually fraudulent.
- Counterfeit accounts
By promoting knockoff or fake versions of famous brands’ products, these accounts damage brands’ reputation and image, and the quality of real offers, not to mention the customers’ trust. 11% of fraudulent accounts identified by the research belong to this category.
- Advertising accounts
These fake brand profiles exploit brands’ identity to drive visitors to junk websites which then spam them with ads and adware.
- Brand satire and protest
These fraudulent pages are created to generate hate speech, embarrass brands and threaten customers.
Pornographers exploit brands’ popularity (based on number of followers) to distribute adult content and damage brand image and customer retention.
How to recognize phishing scams and stay safe
Spotting the bait might be difficult if you don’t know the different tricks and scams developed by fraudsters and how to recognize them. That’s why IT Governance’s Phishing Staff Awareness Course comes in handy. This elearning course provides you with the basic understanding and knowledge of what phishing attacks are and the different types you might encounter, and gives you tips and best practice to follow so that you can avoid the bait and stay safe and sound online. The course is taught through engaging activities and questions, and includes a final test to assess your understanding of the topic (which you can repeat until you achieve the pass mark).
Get to know phishing scams: invest in your security by attending the Phishing Staff Awareness Course >>
If you think your colleagues might benefit from attending this course, why don’t you tell your line- or HR-manager? Your company will benefit from reduced cyber risk, too.