Attacks/Breaches
2/21/2017
12:30 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
100%
0%

Social Media Impersonators Drive Security Risk

A new pool of research digs into the fraudulent social media accounts, a growing threat to individuals and businesses.

The number of social media impersonators grew 11x between December 2014 and December 2016, a sign of a trend threatening businesses and individuals as fake accounts become easier to create.

This finding comes from new research by social media security firm ZeroFOX, which spent two years digging into impersonators using machine learning, natural language processing, image recognition, and other techniques to gauge similarities between fake and legitimate accounts.

"We were analyzing tactics and techniques, trying to understand their motives for performing different types of attacks," says Mike Raggo, chief research scientist at ZeroFOX.

ZeroFOX gained its insight from about 40,000 brand impersonators across six platforms: Facebook, Twitter, Instagram, LinkedIn, Google+, and Youtube. Nearly 1,000 were analyzed in depth; for some, researchers talked with criminals to learn about goals and methodologies.

Attacks span all platforms but are most popular on Facebook, Twitter, and Google+. Their goals vary, but most involve money. With phishing, Raggo explains, they could be seeking credit card information or social network data so they can hijack accounts and broaden their victim pool.

Impersonators employ several techniques: phishing, adware, malware, fraud, counterfeit merchandise, and "follow farming". Their habits are changing. In this research, Raggo explains, he was surprised to see an increase in impostors claiming to verify accounts.

"We saw a number of impersonators, across a number of different networks, exploiting the verification process," he says. Many claim to verify social media accounts for a price, and collect victims' credentials and credit card information in the process. The verification process varies across social platforms; some require fees and some don't.

Fake promoted ads are another trend to watch, he continues. Impostors create ads prompting users to click through to a malicious site. This was surprising, he continues, because social platforms typically require a vetting process for promoted ads. Impersonators can bypass the vetting process by using real brand logos and similar-looking merchandise.

The creation of successful fake accounts takes time and expertise. Many impersonators set up their accounts long before they attack, garner followers, then change their information before they weaponize the account. They continue adopting new names over time to avoid getting caught.

"We saw a lot of impersonator accounts were set up weeks or months in advance," says Raggo. "A lot of accounts had been set up for some time to build a following. Then they change multiple times, transcending multiple accounts or companies over time."

There are several ways impostors try to trick unsuspecting users. They employ link shortening so unsuspecting victims have no idea they're getting phished. They use cropped, flipped, or altered images from legitimate brands to make their false advertising seem real.

This research highlights an interesting challenge for businesses as they figure out how to stay secure in the age of social media. Most organizations are equipped to handle phishing, malicious links, and malware in email -- but how are they positioned to handle social media?

"This is more than a perimeter and endpoint issue," he says. "This is a problem within the cloud, outside the business networks." Perimeter and endpoint security can help squash some of these threats, but they can't tackle all attacks from social media impostors.

Businesses should be monitoring for impersonators, watching for instances of brand hijacking or ads selling counterfeit goods. Finding these accounts isn't easy; anyone can go out and use relevant social apps to create fake profiles.

Related Content:

Kelly Sheridan is Associate Editor at Dark Reading. She started her career in business tech journalism at Insurance & Technology and most recently reported for InformationWeek, where she covered Microsoft and business IT. Sheridan earned her BA at Villanova University. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: just wondering...Thanx
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.