Arm your business against brandjacking when scammers go phishing

In the first decade of social media, brands had to worry about activists brandjacking social media hashtags or parody accounts making light of them due to a situation. Brandjacking is a lot easier to do on social media than anywhere else. All it takes is a Twitter account, Facebook page, Instagram account, hashtag and a desire to inflict damage to a targeted organization.

New concerns for brands and consumers have presented themselves. According to new research of online impersonation, the social media security firm ZeroFOX, found that the number of fake social media profiles created for fraudulent purposes increased 1,100 percent from 2014 to 2016. These social media crooks prey upon the naiveté of consumers. Often, the impersonators present themselves as a brand which does not even exist to lure consumers to participate in non-existent giveaways and coupons.

How do impersonators hurt brands?

They damage consumer trust. These scammers are out to swindle your customers. They are looking to find the weakest link then exploit it. Social media currently is the weakest link.

Research by ProofPoint suggests that social media phishing attacks increased 500 percent year-over-year, which includes angler phishing that intercepts customer support channels on social media. In an angler phishing attack, a fake customer-support account promises to help customers, but instead attempts to steal credentials.

The fraudsters have a couple of ways to scam your customer by using phishing attacks:

▪  Verification phishing is when the scammers impersonate the actual social networks by offering users their own “verified” accounts, and then asking users to provide personal information as part of the bogus verification process.

▪  Ad phishing is profiles camouflaged as verified corporate accounts that are actually buying ads on the same social networks to proliferate the scams.

These scams are well developed. These fake accounts will participate in normal social media activity such as discussion threads or regularly posting by using trending topics, LinkedIn Groups, and/or wrongly claim brand affiliation. The fraudster, after the initial contact, will try to direct the users to other channels, such as email or direct messaging, to minimize the digital footprint.

Another scamming trick is the use of social media URL shorteners. On mobile, the URLs are often hidden, keeping many from really looking at the URL before clicking. Without realizing it, users are redirected to malware or credential-harvesting sites.

How to protect against social media impersonators?

In 2016, Twitter had 313 million active users. Facebook had 1.86 billion active users. Instagram had 600 million active users. These fraudsters are breaking the social platforms’ terms of service. While the social platforms have policies in place for impersonators and parody accounts, with those numbers, there is no way for the services to police their platforms 100 percent.

For brands, this is very hard to combat on social media, but there are two ways:

▪  Register your business on every social media platform, including new ones, even if you aren’t planning to be active on them.

▪  Monitor your business by using monitoring platforms not just for customer services, but also for dodgy activity.

Awareness can help you battle these scammers and keep them from damaging your business and the trust of your customers.

 

This column was originally published in the Lexington Herald-Leader on February 26, 2017 and nationally distributed to over 300 media outlets through the Tribune Content Agency.