Facebook. Twitter. Instagram. LinkedIn. YouTube. Pinterest. Mastodon. The list goes on. Whether you love or loathe social media, these platforms have become integral to how we communicate as individuals and businesses. Cybercriminals have also taken note, embracing these communication channels wholeheartedly to reach vast audiences quickly, anonymously, and cheaply, successfully defrauding targets of all types.
The stats aren’t pretty: According to the August 2022 Quarterly Threat Trends & Intelligence Report from Fortra’s PhishLabs and Agari, attacks per target increased 102% from Q2 2021 to Q2 2022. No industry is immune, but those in financial services continue to suffer the most extensive abuse with more than 68% of the attacks in Q2 2022 alone.
Social Media Platforms Are Hotbeds for Fraud
Threat actors range from amateur script kiddies flexing their skills to state-sponsored cybercrime outfits that constantly test and evolve their latest scams, optimizing techniques to achieve bigger cash-outs and evade takedown. Scammers excel at using social media to defraud victims with crafty and aggressive campaigns that can be difficult to spot, much less counteract and prosecute.
Social media and email account creation is simple and anonymous, and most people innately trust posts they believe to be coming from household names and institutions. Security leaders in all sectors are wise to educate themselves and their organization’s employees on how to detect these threats and what to do if they’re a victim of an attack.
Common Social Media Threats
Companies that fall prey to scammers risk financial and data loss, reputational harm, erosion of employee and customer trust, and general business disruption. Below are three threat types to be aware of:
Threat actors work hard to spoof company brands and their employees. Executives in particular are popular targets as organizations increasingly encourage their leaders to establish a regular presence on platforms such as LinkedIn and Twitter. Scammers can easily access high-quality logos, imagery, and messaging online to emulate well-known companies and industry execs in a way that looks legitimate and encourages interaction.
With this type of brand abuse, threat actors create believable posts designed to lure victims to sham websites they control. Counterfeit campaign ads may entice shoppers to purchase discounted goods that will never arrive or get people to enter login credentials that criminals then capture on the back end. Oftentimes, when the social media platform or other authority investigates reported abuse, they find the ads have been modified to look generic.
Photos and images are critical to the success of many social media campaigns and posts. Unfortunately, many can be harmful when clicked because they carry malicious code. Steganography is the practice of embedding messages, images, or files inside other messages, images, or files, and it’s prevalent on social media. Photos can be altered, deepfaked, or configured to deliver malware onto the computer of someone who clicks the post.
How to Spot and React to Social Media Scams
It can be difficult to recognize social media scams, and even harder to take down threat actors. This means security awareness training and related prevention tactics are key to your defense strategy.
1. Build Relationships With Popular Platforms
Establish relationships with the social media providers you leverage so you have a direct point of contact. This will greatly improve your chances of removing malicious content should you find it. Part of this effort is also making sure you have evidence of fraud to submit. Make sure you capture all relevant examples, as the social media platform will require solid proof in the form of links, screengrabs, and more.
2. Implement Employee Security Awareness Training
Knowledge truly is power when it comes to recognizing potentially dangerous social media attacks, as employees are your first line of defense. It’s important to train team members to have a healthy level of suspicion and encourage them to tap into their intuition when something doesn’t seem quite right or look legitimate online.
As threats are constantly changing, look to solutions that keep up with the latest scams and give employees hands-on practice with identifying threats. Security awareness training from Fortra’s Terranova Security delivers inclusive interactive content that focuses on building a security mindset among employees so they know how to handle social media, phishing, and other everyday risks.
3. Protect Against Harmful Images
Part of your employee education program should include the potential dangers of images generated both inside and outside the organization. Incorporating document sanitization capabilities with Fortra’s Clearswift Secure Email Gateway (SEG) and Clearswift Secure Web Gateway (SWG) will enable you to cleanse images and reduce the risk of steganography in a way that doesn’t disrupt productivity.
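An added illustration of the image cleansing idea above, not Fortra's or Clearswift's code: a minimal Python sanitizer that rebuilds a PNG from only the chunks needed to render it and discards anything appended after the IEND marker, two container-level places where extra data can ride along with a picture. The sample image, its text chunk, and the trailing bytes are constructed for the demonstration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Chunks needed to draw the picture; all other (ancillary) chunks are dropped,
# which also removes colour-profile hints such as gAMA or iCCP.
KEEP = {b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS"}


def sanitize_png(data):
    """Return (clean_bytes, findings) for a PNG byte string."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    out, findings, pos = [PNG_SIG], [], len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length  # length field + type + body + CRC
        if end > len(data):
            raise ValueError("truncated chunk")
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if crc != zlib.crc32(ctype + body):
            raise ValueError("bad CRC in %r chunk" % ctype)
        if ctype in KEEP:
            out.append(data[pos:end])
        else:
            findings.append("dropped %s chunk (%d bytes)"
                            % (ctype.decode("latin-1"), length))
        pos = end
        if ctype == b"IEND":
            break
    else:
        raise ValueError("no IEND chunk")
    if pos < len(data):
        findings.append("dropped %d bytes after IEND" % (len(data) - pos))
    return b"".join(out), findings


def make_chunk(ctype, body):
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def build_sample():
    """Constructed 1x1 grayscale PNG with a text chunk and a trailing blob."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    text = b"Comment\x00constructed hidden note"
    return (PNG_SIG + make_chunk(b"IHDR", ihdr) + make_chunk(b"tEXt", text)
            + make_chunk(b"IDAT", idat) + make_chunk(b"IEND", b"")
            + b"CONSTRUCTED-APPENDED-DATA")
```

This only covers data hidden in the file container; content embedded in the pixel values themselves survives chunk filtering and requires re-encoding the image.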