Social media is increasingly used by cybercriminals as an attack vector to run scams and carry out malicious attacks, ranging from account hijacking to impersonation of key employees. As social media networks become intertwined in our daily personal and business lives, people tend to forget that they are not just among friends.
In addition, social media is an invaluable asset for cybercriminals at the reconnaissance stage. Before an attack is even launched, the wealth of personal information that we share on social networks can be used to identify a company's employees for targeted social engineering attacks.
Below are just a few of the popular methods cybercriminals use to carry out attacks against your brand with the help of social media.
1. Illegitimate social media profiles as bait
By either creating a seemingly legitimate social media profile or hijacking an existing one, a cybercriminal can gain the trust of an organization's employees. The cybercriminal then uses the account to connect with as many of the company's employees as possible in order to disseminate malicious links and malware through direct messages, tweets, posts or comments, with the intent either to steal further credentials or to infect endpoints within the organization's network.
This scam tricks a user into revealing personal information or authentication credentials in phishing campaigns by impersonating the social media platform itself.
First, the user is contacted via email and urged to verify his/her social media account (Facebook, for example) within a certain time frame, or else the account will be deleted or suspended. Once the victim logs into what they think is their social media profile via the provided link, the cybercriminal gains full access to the account and a wealth of personal information.
The damage from such an attack is not limited to the social media network itself, because many users reuse the same passwords across a number of platforms and applications. Chances are high that the same user credentials will be valid across multiple services, including business applications, directly increasing a company's exposure to cyberattacks.
In this scam, as in others, the perpetrator uses the logos and names of well-known brands, like Norton, to provide a sense of 'legitimacy' and security. Cybercriminals increasingly target businesses through the personal social accounts of employees. By clicking on a malicious link in a tweet or a Facebook post, your employee can easily open a window for hackers into your company's network.
3. Cyber impersonation and fraud
Social networks are a great way for cybercriminals to post links leading to malicious websites posing as vendors. In early 2016, scammers used Lowe's Home Improvement warehouse brand to run a large phishing scheme, eliciting an official response from the company. This year cybercriminals also took advantage of Ray-Ban’s brand by setting up scam e-shops and offering fake discounts through ads on social media channels.
This dubious social media activity harms not only buyers, who receive inferior products, but retailers as well. Companies not only lose out on major profits during peak shopping times; more significantly, the brand's reputation and digital identity take a hit.
A recent study by Forbes showed that this type of cybercrime is having a serious effect. Of those surveyed, 45% of consumers said they had been a victim of cybercrime via brand impersonation, while 75% blamed the companies for lacking fraud protection and 53% said they would cease interacting with the real brand because of the scam.
4. The rise of social media bots (It’s an all-out bot war)
Social bots are automatic or semi-automatic computer programs that mimic human behavior on social networks.
Social bots can be designed for various purposes: they can be used to disseminate malicious links, collect intelligence on high-profile targets, spread influence, paralyze a company's page feed, or influence specific users. Bots are ideal tools for shady marketing practices, such as inflating the number of social media followers or post likes.
However, we are now seeing a new kind of social botnet attack: a bot-powered, DDoS-like attack on social pages. In that case, a company page on Facebook or Twitter is flooded with millions of automated comments per minute, making the feed inaccessible. Such an attack can easily throw a company's social media activities into chaos.
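The comment flood just described can be detected from the page's own activity stream before the feed becomes unusable. The following is an added example, not code from the original post: it runs a sliding 60-second window over a stream of comment events, flags a page whose comment rate exceeds a threshold, and flags accounts that post at an inhuman rate with near-identical text. The event data is constructed for illustration and the thresholds are assumptions to tune per page.

```python
# Added example (not from the original post): detect a bot-driven comment
# flood on a company page. Sample events are constructed; thresholds are
# assumptions that a real deployment would tune to the page's normal traffic.
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Tuple

Event = Tuple[datetime, str, str, str]  # (time, page, account, text)


def make_sample_events() -> List[Event]:
    """Constructed stream: a few human comments, then a 1000-comment flood."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)  # constructed timestamp
    events: List[Event] = []
    # five ordinary comments spread over ten minutes
    for i in range(5):
        events.append((t0 + timedelta(minutes=2 * i), "acme_page",
                       f"user{i}", f"Nice post {i}"))
    # then 50 accounts each posting the same lure 20 times within 30 seconds
    t1 = t0 + timedelta(minutes=12)
    for n in range(1000):
        events.append((t1 + timedelta(milliseconds=30 * n), "acme_page",
                       f"bot{n % 50}", "BUY NOW http://lure.example"))
    return events


def detect_floods(events: List[Event],
                  window: timedelta = timedelta(seconds=60),
                  page_rate: int = 200,
                  account_rate: int = 5,
                  dup_ratio: float = 0.8):
    """Return (flooded_pages, suspicious_accounts).

    flooded_pages maps page -> peak comments seen inside one window when
    that peak exceeds page_rate. suspicious_accounts maps account -> peak
    comments in one window for accounts that exceed account_rate AND whose
    most common message makes up at least dup_ratio of everything they posted
    (repeating one text at machine speed is the bot signature we look for).
    """
    events = sorted(events)
    page_windows: Dict[str, Deque[datetime]] = defaultdict(deque)
    acct_windows: Dict[str, Deque[datetime]] = defaultdict(deque)
    acct_texts: Dict[str, Counter] = defaultdict(Counter)
    flooded: Dict[str, int] = {}
    suspicious: Dict[str, int] = {}

    for ts, page, account, text in events:
        # per-page sliding window: drop timestamps older than `window`
        pw = page_windows[page]
        pw.append(ts)
        while ts - pw[0] > window:
            pw.popleft()
        if len(pw) > page_rate:
            flooded[page] = max(flooded.get(page, 0), len(pw))

        # per-account sliding window plus text repetition counter
        aw = acct_windows[account]
        aw.append(ts)
        while ts - aw[0] > window:
            aw.popleft()
        acct_texts[account][text] += 1
        if len(aw) > account_rate:
            top = acct_texts[account].most_common(1)[0][1]
            if top / sum(acct_texts[account].values()) >= dup_ratio:
                suspicious[account] = max(suspicious.get(account, 0), len(aw))
    return flooded, suspicious


if __name__ == "__main__":
    pages, accounts = detect_floods(make_sample_events())
    print("flooded pages:", pages)
    print("suspicious accounts:", len(accounts))
```

The per-account check matters more than the raw page rate: a genuine viral post also spikes the page counter, but its commenters post once each with varied text, whereas the flood accounts above each repeat one message 20 times in half a minute. Feeding the flagged account list to the platform's block or report API is the natural next step.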
Methbot - The biggest media industry scam ever?
A Russian cybercriminal group known as AFK13, or the Ad Fraud Komanda, devised a sophisticated scam which was dubbed the 'Biggest Ad Fraud Ever'. Methbot cleverly combined the use of social media with botnets to imitate millions of video advertisement views.
How did the scam work? The group created 6,000 fake domains and 250,000 distinct URLs that appeared to belong to major websites such as ABC, CNBC and WSJ, among others. They then used the fake domain registrations to ensure that their space was purchased over the big-name brands, thereby successfully tricking ad placement algorithms.
The scam exploited the pay-per-click advertising model by using a massive bot army to mimic the actions of real people on social networks. To lower the chance of detection, AFK13 also associated their bots with US ISPs, like Verizon and Comcast, to make it look like the clicks were originating from homes across the US. Through this process, they succeeded in generating over 300 million fake video ad views per day. The outcome was the siphoning of some $3 million to $5 million daily from advertisers.
The rise of Methbot illuminated a problem that runs deep within the online advertising industry. It is estimated that billions of dollars are lost annually because of fraudulent clicks, fake traffic, and other scams.
Because social media threats exist outside of the network perimeter, they are impossible to detect unless companies start to look at all their online activities and assets from an attacker's perspective. By looking beyond the perimeter and maintaining constant vigilance over cyber activities, Cyberint eliminates potential threats before they become crises. Contact Cyberint to learn more.