A rise in brand impersonation means bad actors can exploit user trust by intercepting communication with rogue social media profiles and exposing users to malware, ransomware or credential harvesting sites.
Bad actors are exploiting this kind of behaviour by impersonating retail brand profiles and using URL shorteners to mask malicious sites. URL shorteners deter users from scrutinising URLs before clicking, and the absence of URL transparency allows threat actors to take a user through a series of redirects before they arrive at the intended destination, which may host malware or other unknown malicious content.
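The redirect chain described above can be unwound before anyone clicks. The following is an added example, not part of the original article: it follows a shortened link hop by hop and checks whether the final host belongs to the brand. The names `unwind` and `fetch_location`, the hop cap and all sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 10  # assumed cap; a very long chain is itself a warning sign

# Constructed sample data: every host uses a reserved .example/.test name.
SAMPLE_REDIRECTS = {
    "https://sho.rt.example/a1": "https://track.example/r?id=7",
    "https://track.example/r?id=7": "/out",  # relative Location header
    "https://track.example/out": "https://brand.example.login.test/offer",
    "https://sho.rt.example/b2": "https://shop.brand.example/sale",
    "https://sho.rt.example/c3": "https://sho.rt.example/c3",
}


def is_official(host, official_domains):
    # Exact match or a true subdomain; "brand.example.login.test" must fail.
    return any(host == d or host.endswith("." + d) for d in official_domains)


def unwind(url, fetch_location, official_domains, max_hops=MAX_HOPS):
    """Follow redirects hop by hop without downloading any page body.

    fetch_location(url) returns the redirect's Location value, or None when
    the URL answers without redirecting. Against live links it would be a
    HEAD request with automatic redirects disabled (not implemented here).
    """
    chain = [url]
    for _ in range(max_hops):
        location = fetch_location(chain[-1])
        if location is None:
            final = urlsplit(chain[-1])
            host = (final.hostname or "").lower()
            ok = final.scheme == "https" and is_official(host, official_domains)
            return {"chain": chain, "verdict": "official" if ok else "off-brand"}
        nxt = urljoin(chain[-1], location)
        if nxt in chain:
            return {"chain": chain + [nxt], "verdict": "loop"}
        chain.append(nxt)
    return {"chain": chain, "verdict": "too-many-hops"}


if __name__ == "__main__":
    for short in ("a1", "b2", "c3"):
        result = unwind(f"https://sho.rt.example/{short}",
                        SAMPLE_REDIRECTS.get, {"brand.example"})
        print(result["verdict"], " -> ".join(result["chain"]))
```

Only HTTP-level redirects are visible to this check; hops performed by page script or meta refresh are not followed.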
Increasing brand interaction
This is very much a growing problem: when asked, 72% of these people said they engage with retail brands more than they did two years ago. The top channels the public use to engage with or complain to brands are:
- Facebook (44%)
- Email (38%)
- Twitter (30%)
- Website (30%)
“There’s a growing trend of malware and ransomware attacks on social media and clicking any link without knowing the source is risky. The blue badge on Twitter or Facebook is easy to miss or ignore as the survey results show. On Facebook, a simple address is all you need to secure a grey badge for your business’ profile,” commented Ben Harknett, VP EMEA at RiskIQ.
Rise in identity fraud
Recent reports have highlighted a sharp rise in identity fraud with fraudsters trawling social profiles for personal information to use for malicious intent. However, the inherent trust of users on social media is making people vulnerable to a number of threats from identity fraud to ransomware.
When interacting with retail brands on social media, one in three say they don’t check, or don’t know whether they check, for the blue verified badge. When engaging with retail brands, respondents say they check for:
- The verified badge (53%)
- The brand’s other Tweets/posts (42%)
- The brand’s replies to other people’s Tweets/posts (40%)
- Tweets/posts from other people (32%)
- The Twitter handle or Facebook URL (31%)
- The brand’s number of followers/likes (24%)
“We’ve been conditioned to spot the tell-tale signs of a scam when it comes to email, and we know better than to click on links from unknown sources. However, our interactions through social media take place ‘in the moment’ and as a result, users are even more susceptible to the same kinds of scams that happen on other channels,” Harknett continued.
Top five tips for ensuring safety on social
- Where your communication involves personally identifiable information, choose an alternative method to communicate with a brand, e.g. official phone number, official email, trusted website
- Scrutinise the brand’s social page – how long has the page been active? How many followers or number of likes does it have? What are other people saying about that account?
- Be confident of the authenticity of a social account before clicking on a shortened link
- Check for the verification badge if a brand responds to your post on social media – there are many brands that don’t have them but it does provide a level of assurance when present
- Put your “email head” on and think twice before you act.