Home / IT / Telecom / Tech/ Social media impersonators drive security risk

Social media impersonators drive security risk


Comments / {{hitsCtrl.values.hits}} Views / Tuesday, 12 September 2017 00:00


A new pool of research digs into the fraudulent social media accounts, a growing threat to individuals and businesses.

The number of social media impersonators grew 11 times between December 2014 and December 2016, a sign of a trend threatening businesses and individuals as fake accounts become easier to create.

This finding comes from new research by social media security firm ZeroFOX, which spent two years digging into impersonators using machine learning, natural language processing, image recognition, and other techniques to gauge similarities between fake and legitimate accounts.

“We were analysing tactics and techniques, trying to understand their motives for performing different types of attacks,” says Mike Raggo, chief research scientist at ZeroFOX.

ZeroFOX gained its insight from about 40,000 brand impersonators across six platforms: Facebook, Twitter, Instagram, LinkedIn, Google+, and Youtube.

Nearly 1,000 were analysed in depth; for some, researchers talked with criminals to learn about goals and methodologies.

Attacks span all platforms but are most popular on Facebook, Twitter, and Google+. Their goals vary, but most involve money. With phishing, Raggo explains, they could be seeking credit card information or social network data so they can hijack accounts and broaden their victim pool.

Impersonators employ several techniques: phishing, adware, malware, fraud, counterfeit merchandise, and “follow farming”. Their habits are changing. In this research, Raggo explains, he was surprised to see an increase in impostors claiming to verify accounts.

“We saw a number of impersonators, across a number of different networks, exploiting the verification process,” he says. Many claim to verify social media accounts for a price, and collect victims’ credentials and credit card information in the process. The verification process varies across social platforms; some require fees and some don’t.

Fake promoted ads are another trend to watch, he continues. Impostors create ads prompting users to click through to a malicious site. This was surprising, he continues, because social platforms typically require a vetting process for promoted ads. Impersonators can bypass the vetting process by using real brand logos and similar-looking merchandise.

The creation of successful fake accounts takes time and expertise. Many impersonators set up their accounts long before they attack, garner followers, then change their information before they weaponise the account. They continue adopting new names over time to avoid getting caught. 

“We saw a lot of impersonator accounts were set up weeks or months in advance,” says Raggo. “A lot of accounts had been set up for some time to build a following. Then they change multiple times, transcending multiple accounts or companies over time.”

There are several ways impostors try to trick unsuspecting users. They employ link shortening so unsuspecting victims have no idea they’re getting phished. They use cropped, flipped, or altered images from legitimate brands to make their false advertising seem real.

This research highlights an interesting challenge for businesses as they figure out how to stay secure in the age of social media. Most organisations are equipped to handle phishing, malicious links, and malware in email – but how are they positioned to handle social media?

“This is more than a perimeter and endpoint issue,” he says. “This is a problem within the cloud, outside the business networks.” Perimeter and endpoint security can help squash some of these threats, but they can’t tackle all attacks from social media impostors.

Businesses should be monitoring for impersonators, watching for instances of brand hijacking or ads selling counterfeit goods. Finding these accounts isn’t easy; anyone can go out and use relevant social apps to create fake profiles.

 


Share This Article


COMMENTS

Today's Columnists

Can President Sirisena save the SLFP-MS?

Friday, 24 November 2017

Will the Local Government election prove to be the “great fall” of the Humpty-Dumpty coalition, or will all the Queen’s horses and all the Queen’s men be able to put Yahapalana Humpty together again?


Celebrating top business performance

Friday, 24 November 2017

On Monday, awards to the top rankers of Business Today Top 30 – Best Banks and Companies were presented by Prime Minister Ranil Wickremesinghe. The annual Business Today awards ceremony organised by Business


Ceylon Tea: Time to take the spots off the lion?

Friday, 24 November 2017

It has been made known that the Sri Lanka Tea Board is now finalising plans to embark on an ambitious international promotional program to promote the tea produced in our country. We have no information available


Budget 2018: Will it help realise goals and targets of Vision 2025?

Thursday, 23 November 2017

The Budget 2018, besides being a budget for the forthcoming year, is another declaration of policies and plans of the Government in power. Goals The Sustainable Development Goals (SDG) approved by the UN have been accepted as the goals of Budget 201


Columnists More