Cyber-criminality is inseparable from the Internet: it is a permanent resident of the World Wide Web. Hackers and other scammers don’t get tired of deceitful schemes; it’s their favourite game. Targeting a large number of people at the same time when they have their guard down, such as on social media, is extremely profitable for the criminals.
The reason cyber-criminals now focus on social networking, and why malware and phishing are omnipresent on social media, is very simple: people frequently use social networks to share various links – to a website, e-shop, video, story or article they have enjoyed. Since the links are exchanged between “friends”, “followers” or services they are familiar with, many people will simply click on them, without even thinking for a second that these hyperlinks might represent potential threats. Trust is a core component of social networking, just as it is a core component of a phishing attack.
User behaviour will always be the most significant driver for online crime developments: when users create new habits and trends, hackers will follow. Social networks are especially lucrative for fraudsters, since they have learnt how to exploit the vulnerabilities. While browsing on Facebook, Twitter, LinkedIn or Instagram, people are not as focused on cyber-security as they are while dealing with Internet banking, for example. Doesn’t surfing on personal social media accounts feel like a holiday from other boring day-to-day web-browsing? Being more relaxed and casual while clicking through various links means it will take longer to identify a threat.
Another key risk of using social networking is the ever-increasing number of new members: phishers can always count on casting a very wide net and expect a high return from a steady stream of new, credulous potential victims.
It is nearly impossible for the average user to see the difference between a legitimate page and a malicious one (see our article “Beware of fake social media account”). Can you tell the difference between a genuine coupon and a phishing link? Are you sure you are interacting with genuine customer support, or could you in fact be having a conversation with a cyber-criminal? Such fraudulent social networking activities can become very costly for organisations. They can damage an organisation’s reputation or even cost it loyal customers, who no longer feel safe interacting or shopping with the company.
A really alarming fact is that, according to a study published in August 2010, 75% of users’ social media passwords were the same as their email passwords. For an attacker, stealing credentials from anywhere online (social network, forums, e-shops…) is as good as an open window on all their victims’ online lives.
One major trap spreading on social networks is the ever-popular trend of playing games with contacts. It starts as a free hobby, but upgrades, more power, coins or lives are soon needed, and payments quickly take over. The consequence is that it suddenly becomes completely normal to make financial transactions through a social platform. Two main risks arise from this habit:
- It legitimises providing credit card details while enjoying social networking
- It creates more ways for the cyber-criminals to attack, phish and steal from their victims
Social media has drastically changed the way we work and communicate. These platforms now play a vital role in gathering relevant information for organisations that are looking to develop a presence in both the traditional and digital marketplaces. As with any other high-value asset, companies should protect their social accounts from malicious impersonation, phishers and cyber-criminals in general. One of the major risks of not acting on social media brand abuse is, of course, financial loss.
Actively monitoring their social networks is no longer optional for organisations that want to protect and secure their reputation and customer relationships.
FraudWatch International is the leader in anti-phishing, but also specialises in monitoring fraudulent activities on social media. We provide a comprehensive solution to monitor hundreds of popular global and localised social media sites for fake social media profiles impersonating our clients’ brands.
Next week, read our second article on this topic. It will cover the current hoaxes you should be on the lookout for, and how you can protect yourself whilst engaging in social networking.