As digital engagement through social media keeps growing, individuals, small businesses, and organizations are investing heavily in growing their digital footprint as a way to drive brand awareness and generate revenue. On the flip side, scammers and internet fraudsters, in furtherance of their unscrupulous intentions, are putting considerable effort into exploiting the brand reputation these organizations have established, using brand impersonation to achieve their fraudulent ends.
What is Brand Impersonation
Brand impersonation is an attack that impersonates a trusted brand, using the name, image, or other identifying elements of the brand to trick victims into divulging sensitive or personal information for fraudulent purposes. In this article, our central focus is brand impersonation on social media through look-alike accounts. We also set out safety precautions individuals and organizations can take to prevent these impersonation attacks, as well as remedial measures to mitigate the effects of the attacks when they occur.
Brand Impersonation Attacks on Social Media
Social media impersonation occurs when a page is made to look as though it is the legitimate social media page of an organization or business. Three common uses are phishing, collecting sensitive information, and getting victims to send funds to a fraudulent account.
Phishing: Attackers use social media phishing to harvest personal or financial information. To achieve this, an attacker may post a deceptive and enticing phishing link. On clicking it, the unsuspecting user is routed through a series of screens and spoofed webpages where the attacker harvests the victim's important identifying information, including sensitive data such as financial data. Links can also lead to web pages that automatically install malware on the victim's device, which does the same thing.
Collecting sensitive information: Attackers can pose as customer service representatives and elicit sensitive information such as PIN and card numbers with a view to defrauding the victim.
Sending funds to a fraudulent account: If the brand is into selling goods and services, the attackers can pose as sales representatives with a view to getting the victim to make a transfer to a transit account where the funds are immediately withdrawn or sent somewhere else.
Preventive/Remedial Measures
For Individuals:
- Always do a search using the profile or page name of the company on social media. If you see multiple accounts, do not proceed until you can determine which, if any, are genuine. Note that cybercriminals also seek out businesses that do not have a social media presence to impersonate, so seeing only one account does not mean that it is genuine.
- Rather than trust what you see on social media, use a search engine to determine the website of the company or vendor, then navigate to their social media handles using the links listed on their website.
- Look for historical information related to the account. Twitter lists when the account joined on the account's profile; use page transparency on Facebook to see when the account was opened; and use name history on Instagram. An account that has been recently opened or has changed its name numerous times is more likely to be a scam.
- Be wary of paying money into personal accounts. Of course, not all businesses or vendors will be able to have a company account, but established businesses or vendors should have company accounts. If you find that the business or vendor is big or well established, then a request to pay into a personal account is a sign that you might be dealing with scammers.
- Always do an internet search with the business name and phone numbers given, together with words such as “scam” or “fraud.” Use search engines, and search on various social media and forums like Nairaland.
- It’s always safer to make a purchase from a business or vendor who you know someone has used and comes highly recommended.
For Businesses/Organizations:
- Have dedicated reporting channels (phone, email, SMS and social media) where customers can report scam issues.
- Have in-house or outsourced personnel monitor social media for conversations around your brand and seek out impostor accounts.
- Apply to have your social media accounts verified. Top social media websites like Facebook, Instagram, Twitter, etc. allow brands and business organizations to apply for a verification badge. This lets your customers know which accounts they should trust and helps them identify and authenticate business accounts and advertisements.
- Carry out periodic security awareness campaigns in which customers are educated about the latest scams and preventive measures.
- For big organizations, consider investing in AI-based advanced brand protection solutions.
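The account-history check for individuals and the impostor-account monitoring for businesses can be combined into a simple triage script. The following is an added example, not part of the original article: the brand name, accounts, thresholds and substitution list are all constructed assumptions, and the account details are assumed to have been collected by hand from each platform's profile, page transparency or name history view.

```python
import unicodedata
from datetime import date
from difflib import SequenceMatcher

# Digit-for-letter swaps and separators often used in look-alike handles
# (constructed list, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "_": "", ".": "", "-": ""})

def normalize(handle):
    """Lower-case, strip accents and separators, undo digit-for-letter swaps."""
    text = unicodedata.normalize("NFKD", handle.lower())
    text = "".join(c for c in text if not unicodedata.combining(c))
    return text.translate(SWAPS)

def review_account(account, brand, official, today,
                   min_similarity=0.8, min_age_days=180, max_name_changes=2):
    """Return the reasons an account needs manual review ([] if none)."""
    if account["handle"].lower() in official:
        return []
    cand, ref = normalize(account["handle"]), normalize(brand)
    score = SequenceMatcher(None, cand, ref).ratio()
    if score < min_similarity and ref not in cand:
        return []  # handle does not resemble the brand
    reasons = [f"handle resembles brand (similarity {score:.2f})"]
    age = (today - account["created"]).days
    if age < min_age_days:  # recently opened account
        reasons.append(f"account is only {age} days old")
    if account["name_changes"] > max_name_changes:  # frequent renaming
        reasons.append(f"{account['name_changes']} name changes")
    return reasons

# Constructed sample data: brand, official handle, and accounts found by search.
BRAND, OFFICIAL, TODAY = "acmebank", {"acmebank"}, date(2024, 6, 1)
ACCOUNTS = [
    {"handle": "acmebank", "created": date(2015, 3, 1), "name_changes": 0},
    {"handle": "Acme_Bank_Support", "created": date(2024, 5, 20), "name_changes": 4},
    {"handle": "acm3bank", "created": date(2019, 1, 10), "name_changes": 0},
    {"handle": "gardenbooks", "created": date(2024, 5, 25), "name_changes": 5},
]

def review_all(accounts=ACCOUNTS):
    return {a["handle"]: review_account(a, BRAND, OFFICIAL, TODAY) for a in accounts}

if __name__ == "__main__":
    for handle, reasons in review_all().items():
        print(handle, "->", reasons or "no action")
```

An account with any reason listed is a candidate for manual review and reporting to the platform; an old look-alike handle with a clean history, such as the constructed `acm3bank`, is still flagged on resemblance alone.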
In conclusion, social media and online impersonation scams are dynamic in nature and an ever-increasing threat, but realizing that every online or social media communication between a business and its customers is a potential bait for a brand exploitation attack or scam will put you in the right frame of mind to take the above proactive and preventive actions.
Contributors:
- Olarewaju Oluwabunmi
- Solomon Nwabueze
- Emmanuel Beyoma