Home / IT / Telecom / Tech/ Social media impersonators drive security risk

Social media impersonators drive security risk


Comments / {{hitsCtrl.values.hits}} Views / Tuesday, 12 September 2017 00:00


A new pool of research digs into the fraudulent social media accounts, a growing threat to individuals and businesses.

The number of social media impersonators grew 11 times between December 2014 and December 2016, a sign of a trend threatening businesses and individuals as fake accounts become easier to create.

This finding comes from new research by social media security firm ZeroFOX, which spent two years digging into impersonators using machine learning, natural language processing, image recognition, and other techniques to gauge similarities between fake and legitimate accounts.

“We were analysing tactics and techniques, trying to understand their motives for performing different types of attacks,” says Mike Raggo, chief research scientist at ZeroFOX.

ZeroFOX gained its insight from about 40,000 brand impersonators across six platforms: Facebook, Twitter, Instagram, LinkedIn, Google+, and Youtube.

Nearly 1,000 were analysed in depth; for some, researchers talked with criminals to learn about goals and methodologies.

Attacks span all platforms but are most popular on Facebook, Twitter, and Google+. Their goals vary, but most involve money. With phishing, Raggo explains, they could be seeking credit card information or social network data so they can hijack accounts and broaden their victim pool.

Impersonators employ several techniques: phishing, adware, malware, fraud, counterfeit merchandise, and “follow farming”. Their habits are changing. In this research, Raggo explains, he was surprised to see an increase in impostors claiming to verify accounts.

“We saw a number of impersonators, across a number of different networks, exploiting the verification process,” he says. Many claim to verify social media accounts for a price, and collect victims’ credentials and credit card information in the process. The verification process varies across social platforms; some require fees and some don’t.

Fake promoted ads are another trend to watch, he continues. Impostors create ads prompting users to click through to a malicious site. This was surprising, he continues, because social platforms typically require a vetting process for promoted ads. Impersonators can bypass the vetting process by using real brand logos and similar-looking merchandise.

The creation of successful fake accounts takes time and expertise. Many impersonators set up their accounts long before they attack, garner followers, then change their information before they weaponise the account. They continue adopting new names over time to avoid getting caught. 

“We saw a lot of impersonator accounts were set up weeks or months in advance,” says Raggo. “A lot of accounts had been set up for some time to build a following. Then they change multiple times, transcending multiple accounts or companies over time.”

There are several ways impostors try to trick unsuspecting users. They employ link shortening so unsuspecting victims have no idea they’re getting phished. They use cropped, flipped, or altered images from legitimate brands to make their false advertising seem real.

This research highlights an interesting challenge for businesses as they figure out how to stay secure in the age of social media. Most organisations are equipped to handle phishing, malicious links, and malware in email – but how are they positioned to handle social media?

“This is more than a perimeter and endpoint issue,” he says. “This is a problem within the cloud, outside the business networks.” Perimeter and endpoint security can help squash some of these threats, but they can’t tackle all attacks from social media impostors.

Businesses should be monitoring for impersonators, watching for instances of brand hijacking or ads selling counterfeit goods. Finding these accounts isn’t easy; anyone can go out and use relevant social apps to create fake profiles.

 


Share This Article


DISCLAIMER:

1. All comments will be moderated by the Daily FT Web Editor.

2. Comments that are abusive, obscene, incendiary, defamatory or irrelevant will not be published.

3. We may remove hyperlinks within comments.

4. Kindly use a genuine email ID and provide your name.

5. Spamming the comments section under different user names may result in being blacklisted.

COMMENTS

Today's Columnists

Ranil’s tactical success, Mahinda’s strategic victory

Wednesday, 21 February 2018

Who will defeat the UNP? The people, with or without the Sri Lanka Freedom Party. That was proved at the local government


Betraying the very foundation of the Unity Government- Consensus

Wednesday, 21 February 2018

Soon after the results of the Local Government bodies were released, it was reported that the President wanted the resignation of the Prime Minister


Sri Lankan consumer under pressure

Wednesday, 21 February 2018

Whilst Sri Lanka is grappling to understand how to structure the Government to run the country, the reality is thWhilst Sri Lanka


More of the same

Tuesday, 20 February 2018

Those of you who’ve read what I have written over the years could, justifiably, experience a sense of déjà vu as you read what follows. That said, I will make no apology for the burden of this piece because it will, again, state the eternal verit


Columnists More