Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. John Wilson of Fortra’s Agari breaks down common social media scams, their impact on businesses, and how to protect yourself against them.
Social media has become the proverbial double-edged sword: equal parts meaningful connection and highly convincing fraud. The challenge is that it’s sometimes hard to spot the difference. Threat actors use social media to target companies and individuals alike with the goal of stealing information they can monetize or hawking lookalike goods. As a Senior Fellow for Threat Research, I work daily with those targeted by these criminals to take down their scams.
According to research from Fortra’s PhishLabs, attacks on businesses were nearly 19 percent more common in Q4 of 2022 than in the same quarter of 2021. Companies faced an average of 73 attacks per month on their social channels. On the consumer side, the Federal Trade Commission found that in 2022, end-users lost $1.2 billion as a result of scams originating on social media. Fraudsters worldwide are flocking to these platforms as an attractive attack vector. It’s easy to see why: they offer the ability to reach a mass audience quickly and at a very low cost.
Here, we’ll highlight the most common scams and how to protect yourself, your organization, and your data.
Social Media Scams Impacting Businesses and Individuals Today
Threat Actors Excel at Social Engineering
Social engineering is the basis for every social media scam. A threat actor’s goal is to lull a target into trusting what they see or hear so they lower their guard and ignore red flags. Cyber-criminals can easily set up convincing spoofed websites with pilfered IP, including legitimate-looking images, logos, and text.
Threats can arise through ads or direct messages that take someone to a malicious website or ask them to call a phone number. These venues seek to capture credentials, sell you imposter goods, or defraud you in another creative way.
Social Media Scams Affecting Individuals
I received a Facebook notification that a recently deceased friend was tagged in a post. When I viewed the post, I was horrified that it used a “look who just died” video lure, asking victims to provide their credentials to view the video. Once the criminals have end-user login details, they’re free to perpetrate further bad behavior.
Naturally, I reported it to Facebook right away, praying that the post would be removed before my friend’s grieving widow had to endure the additional pain of seeing her deceased husband’s account used in this way.
Social Media Scams Affecting Businesses
Attackers can interact with your employees, customers, and partners on social media. According to research, banking is the most frequently targeted industry, followed by retail and financial services.
Social media scams can attack organizations from different angles. A threat actor could lure customers into fraudulent campaigns or impersonate an executive. Employees using your corporate network can also check personal social accounts during the workday and unwittingly download malware, including ransomware, that spreads from their computer to other devices on the corporate network.
- Impersonation: In another report, impersonation was cited as the top risk for businesses, representing 36.4 percent of threats assessed. Impersonation ploys appear to be credible and can include scammers masquerading as executives.
- Counterfeit campaigns: One particular form of impersonation includes counterfeit retail ads that lure customers to a malicious website or fake social media page. These start with ads for an amazing deal, usually with some urgency attached to ‘act now’ before the item is gone. Those who fall for these campaigns may receive counterfeit goods, or they may find their payment card information has been stolen. For companies, this erodes their brand reputation and could cannibalize sales.
- Steganography: Steganography is the practice of concealing a message, file, or data within another seemingly innocuous medium, such as an image or audio file, to hide its existence. Social media ad campaigns rely heavily on interesting visuals to entice end-users, and malicious campaigns are no different. Malware can be baked into these images using steganography, and clicking on the picture will deliver malware right onto the person’s computer.
How to Protect Your Business
Companies can take several social media protection measures to prevent or minimize the impact of these threats.
- Employee training: As employees are your first line of defense, invest in hands-on training that simulates fraudulent social media and phishing campaigns. These teach employees to recognize threats and understand how to react.
- Partner with a company that has close relationships with social media admins: It’s easier to report and resolve brand impersonation when you have a relationship with a channel. Then, if you need to submit evidence of a problem (links, screenshots, etc.), you have a point of contact who can help.
- Technical controls: Besides implementing robust firewalls and antivirus software, partner with a provider that can monitor, detect, and take down malicious social media profiles and ads to safeguard your brand.
Social Media Scams Affecting Individuals
Many of us visit social media channels as a distraction or a way to unwind. Scammers know our guards are down and devise tactics that trick us into inputting credentials or high-value data such as payment information. Beware of these types of social media scams:
- False financial, banking, and crypto companies: Scammers create fake profiles impersonating trusted financial institutions or cryptocurrency platforms to steal your financial information or investments.
- Amazing retail deals, especially near holidays: Be cautious of too-good-to-be-true discounts on social media, especially around holidays, as scammers may lure you into purchasing counterfeit or non-existent products.
- Dating or confidence scams with people you’ve never met asking for money: Scammers create fake romantic relationships to gain your trust and then request money under false pretenses.
- Fake vacation rentals you can’t find on a map: Scammers offer enticing vacation rentals that don’t exist or aren’t located as advertised, leaving you without a place to stay.
- Fraudulent charities or ones posing as legitimate charity organizations: Beware of fake charities on social media seeking donations; they may divert funds away from genuine causes.
- Loan scams with extremely low rates: Scammers promise low-interest loans but often demand upfront fees and disappear after receiving payment, leaving you without the loan.
- False job postings: Scammers post fake job opportunities, aiming to steal personal information or money through application fees or phony background checks.
How to Protect Yourself
Always approach social media with a degree of suspicion and consider these aspects:
- Streamline what you share: An attacker can glean a lot about you from your public profiles, which can then be used to target you for fraud via social engineering. Ask yourself how much you need to share and how often. Lock your profiles down so only verified contacts can see them. Be sure to review the audience for your older posts. When you change your default audience for new posts, this usually does not impact existing posts.
- Use your intuition: If an ad promises something too good to be true, it likely is. If something seems amiss, it’s worth a second look.
- Do your research: If you haven’t heard of an advertiser, search online for their name followed by ‘scam.’ You can also map the business to see if they have a physical address. Watch for website URLs that are similar to those of well-known companies. Domain registrars list creation dates for websites. A recently created domain could indicate a scam.
- Verify through a second avenue: If something or someone on social media tells you to call a particular number, especially for financial purposes, find the number another way. This could be using your banking card or statement.
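The “do your research” checks above (a URL that resembles a well-known company’s, and a recently created domain) can be scripted. The following is an added example, not part of the original article; the trusted-domain list, character swaps, thresholds and dates are constructed assumptions, and the creation date is supplied by the caller from a registrar lookup.

```python
from datetime import date
from urllib.parse import urlsplit

# Constructed allow-list of domains the reader already trusts (placeholders).
KNOWN_DOMAINS = ["example-bank.com", "examplestore.com"]
# Common character swaps used in lookalike names (illustrative, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def host_and_domain(url):
    """Return (full host, last two labels). Naive: ignores suffixes like co.uk."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return host, ".".join(host.split(".")[-2:])


def skeleton(domain):
    """Fold visually confusable spellings to one form before comparing."""
    return domain.translate(SWAPS).replace("rn", "m").replace("vv", "w").replace("-", "")


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(url, created, today, max_age_days=90, max_distance=2):
    """Return warnings for an advertiser URL; `created` is the registrar's creation date or None."""
    host, domain = host_and_domain(url)
    warnings = []
    if domain not in KNOWN_DOMAINS:
        for brand in KNOWN_DOMAINS:
            if edit_distance(skeleton(domain), skeleton(brand)) <= max_distance:
                warnings.append(f"{domain} resembles {brand}")
            elif brand in host:
                warnings.append(f"{brand} appears only as a subdomain of {domain}")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("internationalized (punycode) name; check for lookalike characters")
    if created is not None and (today - created).days < max_age_days:
        warnings.append(f"{domain} was registered {(today - created).days} days ago")
    return warnings
```

An empty list means none of these heuristics fired, not that the advertiser is legitimate; the other checks in this list still apply.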
In a world where social media serves as both a bridge to connection and a gateway to deception, vigilance is paramount. Social media scams have grown rampant, infiltrating professional and private lives, and leaving a trail of financial losses and personal distress in their wake.