Best practices to tackle brand impersonation across social media, mobile apps and domains
In this webinar, the following is discussed:
06:00 Why should brands care about the impersonation challenge?
08:41 What are the 3 types of impersonation?
11:27 Impersonation attack examples
16:24 How do impersonators operate?
23:00 How to stop brand impersonation
WEBINAR TRANSCRIPT
How to Beat Brand Impersonation
Daniel Shapiro:
And so, today we are going to discuss why this topic matters. And for us, it matters because impersonation is a security challenge that damages the brand reputation and creates a financial risk for organizations and for all of their stakeholders. The volume, location, and sophistication of impersonations make it very, very difficult for internal security teams to tackle alone.
As a matter of fact, in recent years, the growing trend is toward more sophisticated campaigns that rely on the combination of look-alike domains, fake accounts on social media, and fraudulent mobile apps.
And according to the FBI, impersonation attacks have delivered losses of about $5.3 billion so far. And of course, it’s not just about the money. It is about the money, but it also can include your client’s sensitive information, it can include customer confidence and trust. And I think the biggest of all is brand loyalty and reputation damage, right?
Today, data in the UK shows that impersonation scams have increased by 84 percent in 2020 alone. These fraudsters have sought to exploit banks and caused confusion around the COVID-19 pandemic, and at least 15,000 cases were reported in the first half of the year 2020. And that means criminals dragged in more than 58 million pounds in the first six months of last year using this particular technique. So, it’s quite challenging.
Social network companies, by the way, are very aware of the problem, and they are continuing to think about and combat the social engineering problem by vetting and verifying accounts and interacting with users to weed out impostors. The challenge, of course, is the speed of change. Opening new accounts, and changing accounts once they’re vetted, are all problems. And the point here is that it takes collaboration, diligence, and technology to protect your brand.
To prevent impersonating accounts, it takes a significant effort from platforms and brands. The efforts to ruin your reputation and steal your customers’ money happens every day. It’s systematic, it’s diverse, and it’s increasingly complex. And I will have my colleague, Joan Porta, share a little bit more about the growing problem of impersonation on social media and how we think about addressing them.
Joan Porta:
Thank you, Daniel. And hello everyone. Exactly. So, what I’ll be discussing in my section is essentially some of the learnings we’ve taken from our experience protecting brands and companies against the impersonation of brands.
Before we share some of those learnings, let me start though by explaining and making sure we all understand the topic of this discussion and what we mean by social media impersonation.
So, according to the Oxford Dictionary, an impersonation is ‘the act of pretending to be another person for the purpose of entertainment or fraud’. Today, we’re obviously not interested in impersonations for entertainment purposes such as parodies, fan pages, or criticisms. Not only because the risk associated here is very low but also because these are types of impersonations that would normally be protected under free speech and they don’t constitute a trademark infringement.
So, we want to focus on impersonations as a medium to commit digital fraud. And with this in mind, we can establish our first classification based on the intended fraud, based on what are these impersonators chasing, and what are they trying to achieve.
Joan Porta:
First of all, fake news. These are often spread by accounts that are impersonating politicians, celebrities, public institutions, and media outlets. It’s a hub (10:10) definitely, but these would not be our focus today.
Joan Porta:
Second, counterfeiters also rely heavily on social media to promote and sell fake products. So, there are accounts trying to pass off as legitimate retailers. There are aggressive advertising campaigns. Again, it’s a very interesting topic. We could talk about it for hours, but it’s probably not very relevant for financial institutions.
Joan Porta:
What we want to focus on today are impersonations used to commit scams and phishing attacks against consumers. We think this is the most relevant and common digital fraud impacting the financial industry and this is what we will be talking about today. So, plain and simple. These would-be fraudsters are targeting your customers to steal, as Daniel said, their money and sensitive data.
And we know that this is a practice that has been going on for years both offline and online. And when we think about online, we talk about e-mail impersonations, we talk about fake domain names, spoof websites. The point we want to make today is that social media has become a prominent channel for cyberattacks and that any financial institution, large and small, should be monitoring it closely.
Joan Porta:
And so, before we talk a bit more about how some of these impersonators operate in social media, I would like to share with you a few examples.
The first one, this one here, is a case that caught a lot of attention back in 2018. It was a wave of impersonation, Elon Musk’s impersonation attacks on Twitter. You can see some of the headlines. And the example on the bottom part, this was a specific example of a fraudster, that was they hacked a Twitter-verified account.
You can see the blue check on the account. And all they did then was to change the name to Elon Musk, start using his same profile picture, and begin tweeting as if they were the CEO of Tesla. Then what they did was link the account to a cryptocurrency account, claiming that Musk was doing giveaways and they were requiring users to send their own Bitcoins to the scammer. So, a classical scam impersonating a public figure in this case.
Joan Porta:
There’re a few things that are relevant and we want to highlight in this case. The first one is that when we’re talking about social media impersonations, we should not only be thinking about pages that are trying to imitate your corporate accounts; scammers will launch very sophisticated, targeted, customized attacks against your brand, and they will often be impersonating also your executives and your employees.
The second point that we want to make is that this was a case that happened back in 2018. So, you would think that it was just a temporary scam and that it was quickly addressed by Tesla, by Twitter, or the social media platforms where it was happening.
But if we move into the next slide, what we see here is on the bottom part we see four fake social media accounts for Elon Musk. These were all live this morning. So, these ones exist and they’re very easy to find. If you go to Instagram, to Twitter, you will find them.
It’s worth noting not only do some of them include the word official and they pretend to be they’re tweeting or posting as if they were Elon Musk. But if you look at the number of followers, there’s one with 1.6 million followers. The other one with nearly 500,000, 300,000, 14,000. Many of them include links that are trying to redirect users to external websites. So, again, this is live and happening today.
And on top of the slide, there is a headline from a very recent article published in November 2020, but they’re explaining that the exact same problem that happened on Twitter back in 2018 – so, a massive Bitcoin scam – was now happening in one of the fastest-growing social media platforms, which is Twitch.
If we move into the next slide, our second case here, is about a technique called Deepfakes. It’s a very sophisticated form of impersonation. It’s caught a lot of attention lately. Maybe you’ve already seen, some of you have already seen, some of you maybe have used. I don’t know if we can try and play it. This is a piece of media from Tom Cruise, as you can all see it.
So, we could do a poll and ask also what the audience thinks, but I can give you the answer. As hard as it is to believe, this is not a real video from Tom Cruise. This is a video featuring an actor and there’s a lot of production work behind it and a lot of machine learning technology.
This is what’s known as deepfake, being able to imitate, replicate a public figure or a character using technology to this level where I think everyone would have thought this was a real video of Tom Cruise. This is a TikTok page which you can see the URL here. It includes other videos of Tom Cruise, and if you want to check it out, there are other videos from the same actor, and the technique is used to create the videos.
So, basically, we decided to choose these two examples. We could have chosen, there are thousands of fake financial institution pages out there that we could have shown, but we wanted to highlight these cases because we thought that even though they’re quite specific, they exemplify in our view the sophistication and the risks associated with social media.
So, most impersonation attacks today will not reach this level of sophistication. But as technology evolves, we will, unfortunately, have to be ready to face cases like these more and more often.
Joan Porta:
Now that we have seen a few examples, we’ll talk a little bit about some of the trends and the patterns that we’re seeing on social media lately. The first thing to say is that the way impersonators operate can be very diverse and it will vary essentially depending on the social media platform that we’re talking about or the objectives or the level of sophistication of the bad actors. But, however, there are some common behaviors that we’re seeing that we are observing and we want to share with you.
Joan Porta:
The first one would be – I think the first takeaway is that there’s usually a correlation between the number of impersonation attacks against a brand and its social media presence.
So, on the one end, we see the brands that don’t have an official account. So, brands that don’t have any sort of official presence on a specific platform. These are very easy targets for fraudsters because they will try to take advantage of this gap to deceive the brand’s followers on that platform. Our advice here is we know there are hundreds of social media platform sites out there.
Ideally, you would want to keep an eye on all of them, but particularly you want at least focused, you want to be monitoring those ones where your customers, your audience may be. So, depending on age groups, countries, territories, and industries, you may focus on some social media platforms or others, but aside from the usual suspects, I would say important to keep an eye always on LinkedIn, TikTok, Twitch, Telegram, Snapchat, VK in Russia, WeChat, and Weibo in China and the list goes on of course, but these are some of the important ones.
On the other hand, so we said, if you don’t have any presence, you could be a target, but we also observe that brands that have a very active presence on social media, tend to be also prime targets for impersonators. It is because scammers know that there’s a large base of customers that they can defraud and they’re going to try to take advantage of that.
So, again, don’t think that just because you have an official account on Instagram and your account is verified, there’s no risk there. There may still be hundreds or thousands of fake profiles on the platform and you still need to monitor and take action.
Joan Porta:
In connection to these, the way we normally see impersonators operating is they tend to use the same photos, names, descriptions, bios, posts, hashtags of your official accounts. So, it’s critical to monitor those assets. When you’re running searches, try to use the same hashtags and see who else is using those hashtags in that social media platform. If you’re using specific keywords or images for your promotional campaigns, try to monitor those assets also.
Besides using these official assets, they will often do it in conjunction or using terms such as official, executives, support, customer service, authorized agent. So, monitoring all these keywords is also important, and very often they do it while promoting brochures, sweepstakes, and fake giveaways. So, again, you need to make sure that you’re not only monitoring your brand but you’re also using all these terms and assets to avoid bad actors falling under the radar.
Joan Porta:
Another common misbehavior that we’re seeing or another thing taken for granted is that even when you find a page or an account that has very few posts or followers, it doesn’t mean, it doesn’t imply that it’s risk-free. They may be sending private messages or they may be running very aggressive advertising campaigns to their victims in order to take them into external websites where they will be committing the fraud.
So, again, you see the fake profile with zero followers, zero posts, they’re just using your logo and branding on the account, it doesn’t mean that it’s not harmful. They can still be targeting your customers, and again, ready to be directing them outside the social media platform and committing their illegal activities there.
What else leading to this, also connected, many social media platforms, and some people don’t know this, but a lot of social media platforms, when you set up a new account, it may take some days until that account is visible on the search results.
So, if you go to Facebook for instance and you search and you try to find a page, if this page was created within the last two or three days, it may not pop up in your results, and fraudsters that know this, these are the most sophisticated actors, they’re going to try to take advantage of these windows where they’re very hard to detect to launch very aggressive attacks, again, usually using private messaging or targeted advertising campaigns. So, there are ways to monitor advertising campaigns also and something you should definitely keep in mind.
Joan Porta:
And finally, to close, I would say the type of social network will strongly determine the form of impersonation. So, for instance, on LinkedIn, we usually see what we usually see are impersonations of company executives, employees, very often sales representatives, agents trying to target customers, making it as if they were part of your company organization.
Other social media platforms with saying instant messaging apps, we’re going to be seeing groups mostly there. Sometimes they can be private groups, harder to access, sometimes they’re public groups. On Facebook, Twitter, the impersonations usually take the form of a page or an account, but we sometimes see them using profiles, groups, events.
So, I think understanding this complexity, understanding for each platform the structure, the users, and the audience that it has is critical in order to adapt your protection strategy accordingly and make sure that you’re targeting all the fraudsters that are out there.
These were the main behaviors we wanted to share. Happy to answer more questions at the end, but now I will be handing it over to our colleague, Oliver. He is our technical expert and Oli is going to share with us some of the technologies and tools that can be deployed in the fight against online impersonations.
Oliver Bolton:
Awesome. Thanks for that, Joan. Super interesting. So, when it comes to actually stopping the impersonators, most platforms on which the impersonations actually exist do give you the tools in order to report them, but in general, the responsibility of identifying and then ultimately reporting those fake accounts is on those that are being affected by them.
Oliver Bolton:
So, in this regard, the first piece of advice that we’ve got, which is super key, be proactive about the problem. No one else is going to solve it for you basically.
So, the idea of the Red Points system is such that we can really provide that type of system with being able to automate certain areas. So, in very serious cases, the use of technology for daily tracking and reporting of these violations is a must. So, being able to have a solution that’s consistently on this daily basis monitoring and detecting these new incidences out there and combining that with the use of the broad words that Joan was just mentioning.
So, it’s the idea of having a core set of keywords that are obviously relevant to the original accounts and being able to broaden the spectrum to encapsulate all of these ones with the misspellings, with the additional numbers, the digits added to the end, and having a system to be able to do that for you is going to give you that proactive approach.
Not only that but it’s also recommended that, as Joan was saying, the monitoring of the hashtags and all of this is super important. Now, if you can have a system to do that for you, it definitely lightens the load, put it that way.
Now, when it comes to the logo recognition, the idea of the trends that we’re spotting in terms of how impersonators are advertising these profiles, the trends are just that. There’s always a particular image that seems to be appearing through that.
So, by combining the technologies of broad keyword terms and then being able to identify those that are of most importance with technology, such as logo recognition, this helps bring to the fore those that you really want to review before taking action and requesting that they’re taking them. It reduces the false positives.
Secondly, one thing that I failed to mention as well is of course the importance of the whitelist. So, having this whitelist and knowing where the original accounts are, it means that anything outside of those that are original is then going to be at least suspicious.
The last thing that I really want to touch on is about being able to apply a risk and similarity score. So, with Red Points what we’re able to do is use algorithms based on the additional information that we extract from the original profile, such as names, descriptions, photos, number of followers, hashtags, post creation dates. All of this data can be used and manipulated in order to generate the likelihood of it being an infringing account or not. There’s always add-on to kind of helping you to prioritize and choose your best enforcement strategy.
Really all it comes down to is that a comprehensive brand protection strategy should monitor your brand usage beyond social media, as Joan just touched on. It’s a case of not just social media but you want to be looking at the domain names and any additional websites that fall outside of that. And then there are also app stores as well.
So that’s really it from me. I’ll pass you back over to Daniel to wrap up.
Daniel Shapiro:
Thank you, Oli. I appreciate it. I think to summarize both Joan’s presentation and sort of Oliver’s discussion on how our technology works and how we partner with and collaborate with brands, Fintech companies, I would say, that social media represents a growing problem, affecting thousands of brands, individuals across many, many platforms. And as discussed, the associated risks, which include revenue loss for sure, but also notably again – I’ll just say it. I know we’ve repeated a few times, but the reputational damage is significant. Customer loyalty. There are so many competitive institutions out there that losing a customer who has fallen victim to an impersonation perhaps is the most damaging of all, as your brand loyalty, your brand reputation, it’s critical. All of us work so hard to make sure our brands are impeccable, and this is just one of those things that really takes aim at it.
And then brands must take a proactive approach. You have to do something. Not doing something is not a solution, and you need something that is both comprehensive and scalable in order to put in place to help identify and remove this fraudulent activity as soon as possible. And of course, we think it takes a combination of both technology and expertise in order to really leverage what we think is the intellectual property solution or enforcement for such a problem.
Daniel Shapiro
VP of Brand Relationships at Red Points
Joan Porta
VP of Strategy & Innovation at Red Points
Oliver Bolton
Head of Solutions Engineering at Red Points