Social Media Phishing is a Dangerous Threat to Business Security
Cybercriminals love to exploit trends, and they’re always on top of where potential victims are going and what they’re doing online. A major trend in the last decade has been toward increased social media usage for people and organizations. It’s no longer just a medium for sharing cat pictures or talking to a college buddy. Social media is another place where business gets done. Worldwide the number of social media users was about 4.5 billion in 2021 – and cybercriminals would love to reach every single one of them.
Your company’s top security risk is already inside the building. Learn how to fix it with The Guide to Reducing Insider Risk. GET IT>>
Social Media Fraud is a Growing Problem
Advertisers also want to get their messages in front of potential customers, and they know that those customers are on social media. That’s why organizations in every sector from retailers to non-profits are investing in social media ads and working with influencers to develop their channels. An estimated 96% of SMBs use social media as part of their marketing strategy. It’s been an especially important way for brands to reach potential customers during the global pandemic, both consumers and businesses. With lockdowns and travel restrictions impacting in-person sales and industry conventions, companies have been leveraging social media more as a way to connect with other companies for new business opportunities, stay in touch with partners and keep an eye on the competition.
But the faceless nature of social media also makes it ripe for fraud. An ideal stage for brand impersonation, social media has increasingly become a platform for business communication of all kinds, especially as people increasingly choose chat as a substitute for customer service by phone. That opportunity for communication gives bad actors an opportunity to snag victims through phishing. In January 2021, organizations experienced about 34 social-media-related phishing attacks per month. However, in June this number rose closer to 50, representing a 47 percent increase through the first half of 2021. By September 2021, organizations were looking at more like 61 social-media-related phishing attacks per month – a shocking 82% increase in just three quarters.
A strong security culture reduces your company’s chance of a data breach. This checklist helps you build it. GET IT>>
Misrepresentation of a Business Is A BEC Risk That Can Harm Reputations & Relationships
Stealing a company’s brand reputation is just like stealing its identity. Companies spend time and money building their brands and part of those efforts are spent establishing themselves as a trustworthy, upright organization that is both a good business partner and a quality company for customers to patronize. But cybercriminals love to profit from other people’s hard work. One way that they can capitalize on a company’s stellar brand reputation in the business world is to fraudulently contact companies that brand does business with or companies that are a logical partnership fit using fake social media accounts. Bad actors can use this method to gather information, obtain credentials and more that enable them to launch business email compromise schemes without ever sending an email.
When bad actors use a brand in business email compromise schemes or for phishing on social media, the company’s good reputation is usually damaged, undoing some of the hard work and investment that the company has done to establish it. 69% of marketers use social media to build brand awareness and that works for good and bad publicity. It’s damage that sticks around too, as negative sentiment is hard to eradicate from a company’s online reputation. Potential clients and partners that research a brand will see the fallout of scams using that brand for a long time online. In a GlobalWebIndex report, about half of people in every age group used social media to research brands before making a purchasing decision.
Retailers are often especially plagued by social media phishing. Luxury retail brands are constantly battling misrepresentation on social media, and cybercriminals use those brands to fleece and phish unsuspecting victims every day. The number of domains suspected of some degree of brand impersonation has risen by more than 360% since 2020. Cybercriminals are making an effort to quickly shift their operations to the current hot social media platform. Right now, that means they’re putting time and effort into defrauding TikTok users. Big-name retail brands like Gucci, Rolex and Louis Vuitton were among those most heavily targeted by counterfeiters on TikTok in 2021.
Most Counterfeited Luxury Brands on TikTok
In views of hashtagged brand misrepresentation posts
- Gucci 13.6 million
- Rolex 11.7 million
- Louis Vuitton 2.08 million
- Dior 282,700
- Chanel 163,181
Are your systems and data really safe? Our Cybersecurity Risk Protection Checklist will help you find & fix vulnerabilities. GET IT>>
More Opportunities for Cybercriminals to Phish Employees
In today’s interconnected world, employees aren’t just using social media in their private lives. They’re using it at work, chatting, shopping, researching, playing games, looking for love and more every day on work devices. More than 75% of workers use social media at work. Of course, some of that social media use is employees taking breaks or even just wasting time, but many employees so use practical purposes, especially when working remotely. In a survey, 66% of employees worldwide said that they use social media to talk to their colleagues at work. Breakdowns vary by country. In the US, about 27% of workers use social media for work purposes. However, using social media for work purposes is especially prevalent outside the US – 47% of Indian workers, 31% of Canadian workers and 30% of Australian workers use social media at work.
That puts employees squarely in the crosshairs of practitioners of social media phishing, opening their employers up to potentially devastating consequences. Employees who are using social media at work to chat and shop are being inundated with phishing attacks. Researchers estimate that one in four transactions on social media or dating platforms is a cyberattack. When those phishing attacks are perpetrated on people using their work devices, that gives cybercriminals an opening to serve up ransomware, engage in credential theft and execute other operations that could harm their employers.
Get ready to pack your bags for Connect IT 2022! Join us June 20-23 in Las Vegas for the industry’s premier event! REGISTER NOW>>
How Can Social Media Phishing Impact Business Security?
Phishing remains the top data breach threat for the third year in a row, and email isn’t the only way that employees are phished at work. Employees being phished on social media is just as dangerous as email phishing. Phishing of any type is a gateway to trouble. Brand fraud is a data breach driver. The Verizon Data Breach Investigations Report 2021 shows the rapid rise of brand impersonation as a precursor to a data breach, called Misrepresentation in this instance, clocking in 15 times higher than it did in 2020. That makes it clear that brand fraud on social media can quickly lead to a data breach.
A data breach isn’t the only cyberattack that businesses have to worry about as a result of social media phishing. The DBIR also notes that misrepresentation or brand impersonation is a growing category of social engineering that can open companies up to business email compromise attacks (BEC), a prospect that no business wants to face. Business email compromise can happen through brand fraud in several ways. For example, a fraudster could trick an employee into giving out information in a chat that enables them to use a brand to carry out cyberattacks. Or a bad actor could represent themselves as a company to contact one of its partners in a direct message about an invoice that requires urgent payment. The possibilities are endless.
Be the hero that defeats your company’s security threats to declare victory over cybercriminals! GET THE GUIDE>>
Social Media Phishing is an Expensive Risk That No Business Can Afford to Overlook
Social media may be free for anyone to use, but the attacks that businesses faced from social media sources in 2021 weren’t. Researchers calculated that $155 million was lost through social media attacks in 2021. ID Agent solutions help reduce phishing and data breach risk without breaking the bank.
Dark Web ID – Do you suspect that a password has been successfully phished from an employee? Find out immediately when you use dark web search to find all of a company’s compromised credentials in minutes. That protection also keeps running to alert you to new credential compromise risks through 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
BullPhish ID – A frequently updated library of preloaded phishing kits makes it a snap to make sure employees have been trained to resist the phishing lures they face every day. But they’ll learn about much more than just phishing including ransomware, compliance, password safety, security hygiene and more, giving every employee a solid grounding in cybersecurity pitfalls and best practices.
Contact an ID Agent solutions expert now for a personalized demo of our award-winning solutions.
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Is your password compromised? Find out in seconds!
Book your demo of Dark Web ID, BullPhish ID and Passly now!