We’re over a decade into the social media era and it’s still the Wild West out there, with all kinds of criminal activity going basically unchecked.
At least that seems to be the message of a new report from social media security outfit ZeroFOX, which studied online impersonation and found that the number of fake social media profiles created for fraudulent purposes increased 1,100% from 2014 to 2016, including bad actors on Facebook, Twitter, Instagram, and YouTube.
Worse still, fake brands are a favorite disguise for impersonators, who exploit consumers’ trust to the detriment of the real brands.
The report, based on ZeroFOX’s analysis of around 40,000 fake profiles over two years, found that around half of the scammers chose to impersonate a brand to deliver fake coupons or invite consumers to participate in bogus giveaways.
Over a third of social media impersonators were engaged in “phishing” attacks, sending the victims to a page where they are asked to provide sensitive information like credit card numbers or logins and passwords.
In a rather ingenious development, a new impersonation technique called “verification phishing” involves fraudsters impersonating the social networks themselves, offering users their own “verified” accounts, and then asking them to provide personal information as part of the bogus verification process.
Another new technique used by some fraudsters involves “ad phishing,” with some of the profiles masquerading as verified corporate accounts actually buying ads on the same social networks to propagate the scams.
Once they have established initial contact, criminals also try to steer victims to other channels like email, direct messaging, or even another social site, thus minimizing the digital “paper trail” on any single platform.
The ZeroFOX report echoes the conclusions of another online security firm, Proofpoint, whose latest “Threat Summary and Year in Review” report states that the number of “phishing” attacks on social media sites increased 500% from 2015 to 2016.
In addition to a number of known techniques, Proofpoint highlighted the rapid spread of a new type of social media phishing, called “angler phishing.”
This technique, also highlighted by ZeroFOX, includes “attacks that involve fake customer-support accounts that trick people seeking help into handing over their login credentials and other information.”