CSA-Logo social media
social media privacy

Increase in Social Media-based Attacks

By ITWeb
Cyber criminals are taking advantage of social media networks to spread malware and steal money from unsuspecting users. This is one of the biggest findings in the Easy Solutions 2016 Fraud Beat report. The report identifies the most recent and sophisticated cyber attacks impacting companies, financial institutions and consumers across the globe.

The digital revolution, led by users who are always connected to the Internet through their smartphones, offers boundless financial opportunities for banks and businesses, says Easy Solutions. However, the digital revolution is also attracting the attention of cyber criminals for the same reasons.

There are over 80 million fake profiles on Facebook, Twitter and Instagram alone, and a large portion are used to launch social media attacks, Easy Solutions notes. Facebook announced it had surpassed a billion-and-a-half users at the end of last year, the report notes, and its user-base would be the largest nation in the world if it were a country, even bigger than China.

Facebook estimates 2% of its 1.6 billion users are fake, which translates into more than 30 million counterfeit accounts. Twitter estimates about 5% of its profiles are fake, while Instagram approximates its number of fake accounts at around 8%.

According to Easy Solutions, the real number of fakes is likely to be much higher, since these are simply the ones the social networks are actually finding and taking down; it does not include the ones they do not know about yet.

“Social network homepages, along with search engines, are the most common point where users begin their typical online sessions,” says Ricardo Villadiego, CEO of Easy Solutions.

“Users, especially from the millennial generation, increasingly expect the companies they interact with to have a variety of social media pages live at all times for purposes ranging from promotional discounts and employment offers, to troubleshooting problems and complaining about bad service.”

The prevalence of social media has not gone unnoticed by cyber criminals, Villadiego adds. “There has been a marked uptick of social media-based attacks, and they show no signs of slowing down. A typical attack consists of hackers imitating a known brand name to create a fake profile, which is then used to distribute links to malware and phishing sites. This can happen even for brands that do not have a presence on social media, as users are not always aware, and can easily fall victim to an imitator without realising it.”

Online imitators don’t only pose security risks; they also complicate marketing campaigns, he explains, adding that the average Internet user is bombarded with thousands of different marketing messages a day, all competing for a finite amount of attention.

According to Villadiego, spam messages sent out from fake accounts dilute the reach and retention of carefully-crafted brand messaging, and make customers who have been victimised by an attack more reluctant to engage with that brand in the future.

Easy Solutions advocates that organisations always monitor social media platforms in real-time to know if there are any fraudulent profiles associated with their brands, as well as any posts that mention them.

Other findings of the study include organisations that do not have any protection measures on their mobile applications are between four and nine times more likely to be attacked, and companies not using multi-factor authentication experience three times more phishing attacks on their Web portals as those who do.

It also discovered that four of every five Google users click on sponsored AdWords links instead of the organic search results, and more than one-third do not even realise they are ads, enabling an increase in search engine ad poisoning attacks, meaning that attackers can place adverts to phishing websites in a Google search page. Google does have measures to prevent this, but could take a while to pick this up.