Table of Contents:
More than half the world had a social media account in 2022 (that’s 4.62 billion people). Increasingly, large portions of our lives are conducted on social media. It’s where we show others what we are doing, where we are from, when we were born, and what we are interested in. For businesses, it’s where you sell your products, market your brand, and interact with customers. However, for hackers, all of this is valuable data that can be used in a phishing attack.
In 2021, around 25% of all financial losses due to fraud were conducted through social media. Social media companies are always trying to improve their security measures, but there are plenty of clever ways hackers get around these.
In this article, we will look at:
Phishing in general is a cybercrime whereby hackers trick people into giving up sensitive information or financial details via the web. Phishing tactics are numerous and can take many forms. Fraudsters may create a website that looks just like the website of a trusted brand. Unsuspecting users may click on links or give up their financial information because they believe they are browsing the website of a well known brand. Microsoft, for example, was the most impersonated brand in online phishing attacks in 2022.
Social media phishing is simply another platform hackers use to dupe individuals. Through fake social media accounts, business impersonation, quizzes, urgent messages, information-scraping, and more, bad actors use social media as a way to steal your personal data, gain control of your account, and conduct further phishing attacks against your followers, friends, or customers.
Starting a business without an accompanying social media profile is virtually unheard of in our increasingly digitized world. Around 96% of small businesses use social media to boost their brand and interact with customers. Nonetheless,just like a physical shop can be susceptible to theft, so can a digital shop or profile be targeted for similar crimes.
Bogus ads, investment scams, and fake social media profiles are all ways that scammers use to take advantage of your customers, and even your employees. For example, 45% of reports made from individuals who lost money due to social media scams were about online shopping in 2022. In many of these cases, individuals bought through social media profiles that were impersonating real brands.
So how is this affecting your business? For every sale made via a fake account, a sale is lost from your business. Most significantly, however, is how fraudsters will affect your brand reputation. If the fake account is the first time someone gets to know “your” brand, then it’s likely that that potential customer will be forever lost if they had a bad experience. The same with repeat customers: once a negative experience has been associated with your brand – even if it was with a fraudster pretending to be your brand – they are less likely to trust your brand in the future. Begrudging customers may even spread negative reviews of your brand via social media.
If you are leaving your brand open to impersonation attacks, then your carefully built reputation will suffer. That’s why it’s vital that businesses protect themselves on social media with special software before they find themselves in the firing line of a phishing attack.
You’ve probably seen lots of those Facebook quizzes being shared on the platform. “Put your mother’s maiden name and the make of your first car together. This is the name of your new band!” They’re just harmless fun, right?
The answers you write are harvested by fraudsters to get more information about you. Often banks and other high-security websites will ask you some security questions when you log on, such as “What was your mother’s maiden name” or “The make of your first car”. When you engage with these online quizzes, you could be unwittingly giving away this security information.
The next time you come across one of these quizzes, think twice before you give up information that could be used against you one day.
If a social media company wants to communicate with you – for example to reset a password or alert you to new notifications – they often do so through email. Email is therefore used in social media phishing attacks quite often. Scammers create a fake email address as well as an almost identical email template to that of the social media company. They may ask you to click on a link that could contain malware or take you to a lookalike website where you may be asked to give up sensitive information or financial details.
It’s fairly easy to spot a phishing email thanks to the fact that the email addresses will rarely appear professional and will likely come from a “gmail”, “yahoo”, or other non-work address.
One common phishing tactic that appears on social media is cryptocurrency investment or giveaway scams. These are promoted chiefly through Facebook and Twitter, and are usually promoted through phony celebrity profiles.
Through authentic-looking social media accounts, these fake celebrities use convincing and often urgent messaging claiming to multiply whatever cryptocurrency you send them. Arguably the face of the cryptocurrency movement, Elon Musk’s profile is frequently impersonated online, and in 2021 impersonators managed to steal more than $2 million in crypto scams.
Also known as “CEO fraud”, executive impersonation is when a CEO or executive high up in the company requests information or an urgent money transfer from a less senior employee. The fraudster is taking advantage of human nature’s tendency to unquestioningly do what a senior colleague asks of them. This type of fraud boomed during the pandemic when remote working became the new normal and colleagues were no longer physically together in the office.
Usually this takes place through email and is known as business email compromise (BEC). However, LinkedIn provides executive impersonators with an easy way to connect with employees of an organization. All they have to do is create a fake yet convincing profile, gain some contacts, and message other employees.
It takes two minutes to set up a social media profile, which means the barriers to entry for fraudsters are incredibly low. They may impersonate your brand by creating fake ads, Facebook pages, or social media accounts, showcasing products or services by simply copy and pasting those of a legitimate retailer. Their profiles may then lead consumers to a fake website, or perhaps instead of the real deal, they sell counterfeit items.
Fortunately, filing a takedown request for these fake pages, profiles, or adverts, is not a very complicated process. For specific instructions on how to handle these fraudsters on specific socal media platforms, you can refer to our additional guide pages below::
LinkedIn is a highly popular network for both job seekers and recruiters. However, scammers have been known to post fake job ads and fraudulent company pages. They’ll start by creating a job posting. They will collect applications either through the job posting or LinkedIn messages. The job application will inevitably ask for sensitive information, which fraudsters will use to their own ends.
Even more unscrupulously, they will congratulate the applicant on getting the job, and mail them their first (fake) pay package. Soon after, they will ask the candidate to send a certain amount of the pay back to them for some reason or another. This way, they directly defraud the victim of their money.
There is a wealth of data on peoples’ social media profiles. The public has become increasingly aware of the dangers involved when you leave your profile public. Of course, the social media companies themselves work hard at preventing hackers through bots and privacy settings, which means hackers have to rely on human error.
A bad actor can easily impersonate someone by creating a social media profile out of their photos, information, name, and interests. They may then send an urgent message to friends or family members requesting money, passwords, or other information. Nowadays, people are increasingly aware of this type of phishing attack, but some may still slip through the net.
Social media is the place where a lot of businesses interact with their customers. The more or less instant replies facilitated by these platforms mean that customers often like interacting with businesses this way, rather than waiting for hours on the phone or sending an email out into the aether.
Many businesses have now set up customer support accounts via social media channels, such as Amazon Help, which is available on Twitter and Facebook for example. These accounts, however, offer the perfect camouflage for fraudsters.
All the fraudster has to do is copy a few identifying elements of a brand, and wait for a misguided customer to come along. The customer, believing they are in safe hands, may give away their password information and other details.
Due to the fact most people access social media through their mobile phones, they won’t be alerted to some of the common signs that they are entering a phishing website or fake social media page.
A telltale sign for any fraudulent page is a suspicious looking URL. This is called “typosquatting” – when a website creates a name that slightly deviates from the original brand name, such as amaz0n.com. On a desktop, you can scrutinize the URL for any discrepancies easily. On a mobile phone, however, the URL rarely shows up and if it does, it is often shortened.
The best way to avoid becoming embroiled in a social media scam – whether you’re a business or an individual – is through a combination of education and technology. Below are Red Points’ recommended ways for preventing and avoiding a phishing scam on social media:
Social media has grown exponentially all over the world in recent years. With over 4 billion people possessing at least one profile, the social media landscape is ideal for businesses to interact with customers and grow their brand reputation. It’s also the perfect place for opportunists to dupe unsuspecting users, and one of the main ways through which online fraud takes place.
Through education, you can alert your customers and employees to the signs they need to look out for in a social media phishing attack. However, education alone won’t protect your brand. With Red Points Social Media Protection Software, you can sleep soundly at night. This automated service works 24/7 to detect fake social media accounts and send out takedown requests before any bad actors have had a chance to damage your brand image.