This document outlines the history and rise of social media fraud, from the early days of MySpace and LinkedIn to the present. It notes several high-profile examples of fraud on Twitter and other platforms, including impersonations of CEOs and fake corporate accounts. The document warns that the connectivity of social media has created risks like fraud, social engineering, and malware. It recommends organizations develop social media risk policies, continuously monitor for issues, analyze threats and prioritize responses to mitigate risks.
1. social media fraud
A TIMELINE
MYSPACE LAUNCHED AS
A CLONE OF FRIENDSTER
LINKEDIN LAUNCHED AS A
SOCIAL NETWORKING SITE
FOR PROFESSIONALS
‘03
FACEBOOK LAUNCHED AT
HARVARD UNIVERSITY
TWITTER LAUNCHED AS A SOCIAL NETWORKING
AND MICRO-BLOGGING SITE.
FACEBOOK LETS THIRD-PARTY
DEVELOPERS CREATE FACEBOOK APPS
SURPASSES MYSPACE IN MONTHLY
UNIQUE VISITORS
During “Deepwater Horizon” oil spill: With more than 20,000 followers at press time, the cynical
response to the oil spill was twice as popular than BP's actual Twitter page, @BP_America.
The vulgar rants of Yahoo's dragon
lady/CEO, Carol Bartz, appeared
under a fake Twitter account
A fake Richard Branson Twitter account
promoted a London taxi service as an
“endorsement” from Branson
Paramount Entertainment impersonator blasts racist and inappropriate/offensive Tweets
FACEBOOK REACHES
1 BILLION USERS
BILLION
WITH A B
‘04
‘06
‘07
‘09 FACEBOOK REACHES
200 MILLION USERS.
‘10 MAJOR EXAMPLES OF SOCIAL FRAUD APPEAR ON TWITTER
‘12
‘13 Southwest Airlines has an impersonator on Facebook with over 1,900
followers who may not know information from the page isn’t real.
American Airlines, Jet Blue, Delta, United Airlines and Emirates were
all victims of a mass-scale scam on Instagram, promising fake VIP
deals and giveaways.
‘14
THE SOCIAL MEDIA TECHNOLOGY THAT CONNECTS US IN A DIGITAL
WORLD HAS CREATED IMMEASURABLE LEVELS OF RISK.
IMPERSONATIONS, FRAUD, SOCIAL ENGINEERING AND PHISHING
AND MALWARE CAMPAIGNS PLAGUE THE SOCIAL MEDIA UNIVERSE.
BY THE NUMB3RS
SOCIAL NETWORKS ARE NOT JUST WEBSITES -- THEY ARE BUSINESS DESTINATIONS AND POWERFUL
MARKETING TOOLS. THE VERSATILITY AND UBIQUITOUS ACCESS OF THESE SOCIAL NETWORKS CREATES
COMPLEX AND DANGEROUS RISKS. ORGANIZATIONS MUST ADDRESS CYBER, BUSINESS, AND BRAND
RISKS AS THEY BUILD THEIR SOCIAL COMMUNITIES.
OFCOMPANIES
BELIEVEEMPLOYEE
USEOFSOCIAL
MEDIAPOSESA
THREATTOTHEIR
ORGANIZATION.
72 OFUSERSSAY
THEYHAVE
BEENSENT
MALWAREVIA
ASOCIAL
MEDIASITE.
33 24OFSMBSSAY
THEYHAVEBEEN
COMPROMISED
BYEMPLOYEES
USINGSOCIAL
MEDIA
5 10% %
BETWEEN5AND10PERCENTOF
TWITTERACCOUNTSAREFAKE.
THEAVERAGECOSTTOGETFAKE
FOLLOWERSINTHEFAKEFOLLOWER
“MARKET”ISONLY$11FOR1,000.
fakebook
FACEBOOKESTIMATESTHAT
BETWEEN5.5PERCENTAND11.2
PERCENT(68TO138MILLION)OF
ITSUSERACCOUNTSAREFAKE.
DEVELOP A SOCIAL RISK POLICY
Understand the risks that social media introduces and determine which matter
to your organization
Publish policy to the team members responsible for responding to social media
threats and risks
CONTINUOUSLY MONITOR SOCIAL MEDIA
Establish a real-time monitoring process to find potential risk issues across all germane
social media platforms - not just Facebook and Twitter!
ANALYZE ISSUES & IDENTIFY RISKS
Leverage a sophisticated security analyst toolkit to analyze potential issues and identify
threats and compliance issues
PRIORITIZE BY SEVERITY & IMPACT
Categorize and prioritize response actions based on severity and business
impact of identified threats and risk issues
“Furby” children’s toy victimized by fake Instagram account. Thai
woman behind fake account steals over $200,000 (6 Million baht).
1,000 X
5.5%
11.2%
The History of
VISIT ZEROFOX.COM TO LEARN MORE
VIP
SOCIAL MEDIA USAGE HAS EXPLODED SINCE THE INITIAL DAYS OF MYSPACE. BY 2009, FACEBOOK HAD HUNDREDS OF
MILLIONS OF USERS, BECOMING THE TOP ONLINE DESTINATION FOR CONNECTED PEOPLE WORLDWIDE. NETWORKS
CONTINUE TO GROW, WITH 1 IN 3 PEOPLE IN THE WORLD PROJECTED TO USE SOCIAL MEDIA DAILY BY 2017.
REMEDIATE & MITIGATE
Execute pre-built remediation and mitigation strategy to minimize damage
Integrate cyber threat information into security systems to prevent compromise.
Work with social media networks to “takedown” malicious accounts, posts, threats
and compliance violations that exist on their platforms
1
2
3
4
5
ZEROFOX RECOMMENDATIONS