ZeroFOX’s analysis of 40,000 fake social media brand profiles has found that around half of the fraudsters impersonated a brand and delivered fake coupons or invited “customers” to participate in bogus giveaways.
Over a third of fraudsters engaged in “phishing” attacks, sending gullible victims to a page where they are asked to provide sensitive information like credit card numbers or logins and passwords.
And many fraudsters used a new “verification phishing” technique: impersonating the social networks themselves, offering users a “verified” account, and then asking them to provide personal information as part of the bogus verification process.
ZeroFOX, a leading social media security and digital risk monitoring SaaS platform, has released information on brand impersonation, use of malicious links (especially bit.ly shortened links), hashtag hijacking and fake promotions in social media - it is not pretty. To call social media the “wild, wild, lawless west” would be a compliment when it comes to ethics and security.
The ZeroFOX Research Team used the ZeroFOX Platform to detect social media impersonators across 6 different networks: Twitter, Facebook, Instagram, LinkedIn, Google+ and YouTube. The detection algorithms leveraged a machine learning-based approach that applied natural language processing and image recognition to measure the relative similarity between an impersonating profile and its would-be victim.
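As an added illustration of the name-similarity side of such detection (this is not ZeroFOX's code or algorithm, and the brand, handles and weights are constructed), the snippet below normalises handles and display names against common lookalike tricks and scores each candidate profile against the brand it resembles:

```python
import difflib
import unicodedata

# Constructed brand profile and candidate profiles (sample data, not ZeroFOX's).
BRAND = {"handle": "acmebank", "name": "Acme Bank"}
CANDIDATES = [
    {"handle": "acme_bank_help", "name": "Acme Bank Support"},   # fake support account
    {"handle": "acrnebank", "name": "Acmé Bank"},                # "rn" for "m", accent
    {"handle": "acmebank0fficial", "name": "ACME BANK OFFICIAL"},  # digit for letter
    {"handle": "acmebanking", "name": "Acme Banking Ltd"},       # similar but distinct
    {"handle": "gardenclub", "name": "Garden Club"},             # unrelated
]

# Assumption: a small hand-picked map of look-alike substitutions and of the
# role words impersonators commonly append; a real system would use larger lists.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})
NOISE = ("official", "support", "help", "team", "care", "verified")


def normalize(text: str) -> str:
    """Lowercase, fold accents to ASCII, map look-alike characters, drop separators."""
    folded = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    folded = folded.lower().translate(HOMOGLYPHS).replace("rn", "m")
    return "".join(ch for ch in folded if ch.isalnum())


def strip_noise(text: str) -> str:
    """Remove appended role words so only the core brand string is compared."""
    for word in NOISE:
        text = text.replace(word, "")
    return text


def similarity(a: str, b: str) -> float:
    """Ratio in [0, 1] from difflib's longest-matching-block comparison."""
    return difflib.SequenceMatcher(None, a, b).ratio()


def impersonation_score(brand: dict, candidate: dict) -> float:
    """Weighted score in [0, 1]; the handle is weighted above the display name."""
    h = similarity(strip_noise(normalize(brand["handle"])), strip_noise(normalize(candidate["handle"])))
    n = similarity(strip_noise(normalize(brand["name"])), strip_noise(normalize(candidate["name"])))
    return round(0.6 * h + 0.4 * n, 3)


def flag_impersonators(brand: dict, candidates: list, threshold: float = 0.8) -> list:
    """Handles whose score meets the threshold, for an analyst to review."""
    return [c["handle"] for c in candidates if impersonation_score(brand, c) >= threshold]


if __name__ == "__main__":
    for c in CANDIDATES:
        print(f"{c['handle']:20} {impersonation_score(BRAND, c):.3f}")
    print("flagged:", flag_impersonators(BRAND, CANDIDATES))
```

A score alone is not a verdict: the distinct-but-similar "acmebanking" lands just under the threshold, which is why such systems pair text similarity with image matching and human review.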
It found that verification phishing, paid advertisement phishing, and customer support phishing were rife, but there were many more issues.
Verification phishing
Genuine accounts of popular brands and celebrities will almost always be adorned with a verification badge, usually in the form of a blue checkmark adjacent to the profile picture.
Scammers and phishing accounts imitate the networks themselves, claiming to be the authentic verification help account and directing would-be verified users to all sorts of malicious payloads. Most instruct the victim to download a linked text file containing JavaScript code, then to issue a keyboard shortcut that opens the JavaScript console within the web browser. After copying the code from the file to the local clipboard, the victim is instructed to paste it into the opened console. The code then infects their browser with a malicious plug-in that hijacks Facebook session cookies.
Paid Advertisement Impersonators
Promotion is a service offered to social media marketers to display an ad to more users than just their followers and is the basis for revenue for most social networks. The payoff can be huge. The more scammers are willing to pay, the more the networks are inclined to distribute the post. For example, a post offering branded sunglasses at ridiculous prices could lure victims to provide credit card details and delivery information that is gold to cyber criminals.
Customer Support Impersonators
From product complaints to account security issues to undelivered packages, customers publicly express their discontent by using the company’s social media account. Companies have responded by forming rapid response teams whose dedicated purpose is to address such customer inquiries. But they aren’t the only ones.
Impersonators have latched on to the inherent trust that customers place in these support accounts. They disguise themselves as the authentic company officers to hijack innocent customer interactions and dupe them into clicking on a phishing link.
What can be done
ZeroFOX says these scams are not so easy to spot. A scammer can be in and out with the “loot” in minutes and then wait for other victims. Impersonators also take advantage of the fact that social network content can be easily manipulated after the fact. Any post can be edited or deleted, profile fields can be modified, and friends can be unfriended at any time. These allow impersonators to cover their tracks following successful attack execution.
Security on social media is rapidly becoming a top issue for security and risk teams. Other security companies echo this sentiment – Proofpoint recently told iTWire that phishing attacks using social media sites increased 500% last year.