Social Media Cyber Risk in the Age of Rapid Change

7 minute read

It has been only a matter of weeks since Elon Musk first announced changes to Twitter’s verification policy, and it’s been a whirlwind of activity (read: chaos) ever since. On November 9, I shared some initial thoughts around potential cybersecurity challenges, and as policy changes have been made public, two things are clear: 1. social media cyber risks aren’t new, but rapidly changing platform policies create opportunities for threat actors. And, 2. Twitter’s future is in flux and has security implications that cannot be ignored.

Twitter turmoil and cybersecurity risk

In a matter of days following the verification badge policy change, Twitter saw a huge uptick in impersonation accounts, many aimed at Elon Musk himself, illustrating the predictable challenge associated with a subscription-based verification model. In response, Twitter unveiled a second gray “Official” verification process, untethered to the “blue” check. It lasted 24 hours. In response, high profile brands and agencies paused their spend, urging their clients to wait until the platform offered “clarity on the social media platform’s plan for trust and safety.” 

Musk has since paused Twitter Blue, following the surge in parody accounts. While it is expected to return, no details have been released outlining how it will address social impersonations and the associated risks. Further complicating authentication and security concerns, Musk issued an ultimatum to employees, requiring them to agree to longer hours and harder work or leave. It’s estimated that more than 1,200 employees have resigned (and this doesn’t include the initial layoffs that accounted for nearly half of Twitter’s workforce). Since then, Twitter employees were required to return to the office, Twitter offices were announced closed until further notice, and Twitter engineers were subsequently required to return to Twitter’s headquarters.

By the time you read this, new developments could unfold, impacting the trajectory of Twitter’s future. There’s a lot to unpack, but the point here isn’t to pass judgment on Twitter or Elon Musk. That’s what tweeting is for (she said with a wink). The point is that these rapid-fire changes exacerbate security issues that already proliferate social media platforms and online forums, introducing risk to enterprises and individuals alike. 

Social media impersonations yield off-platform consequences

These changes – particularly around authentication – have had tangible consequences off-platform. For example, a fake but verified Twitter account (@EliLillyandCo), posing as pharmaceutical company Eli Lilly (@LillyPad), claimed “We are excited to announce that insulin is free now.” Eli Lilly’s stock price immediately fell 4.37%, cutting the company’s market cap by an estimated $15 billion.

Impersonation Twitter account with verification badge, posing as the pharmaceutical company.
A look at Eli Lilly’s stock price decline following the impersonation account Twitter posts.

Fake verified accounts impersonating LeBron James, Lockheed Martin, Nestle, Chiquita, former President George W. Bush, Nintendo, and Arizona governor candidate Kari Lake were among the many attracting user and media attention, parodying the actual account holders. Although traditional parody accounts are often innocuous, the credibility the verification badge has historically offered makes it more difficult for users to distinguish authentic accounts from impersonations. 

Brands and individuals face reputational damage, erosion of trust, and financial losses when impersonation accounts gain traction. Twitter does have a policy against impersonations, but before these fake tweets were taken down, they received thousands of likes, shares, and retweets. Many users believed they were legitimate. Many brands can connect with their audiences on Twitter, but in its current state, companies will have to be more vigilant to maintain their reputation and protect their brand identity.  

Social media impersonation attacks are common

Social media-based cyberattacks are a growing concern for security and marketing teams (among others) across a variety of industries. Adversaries can profit from your brand (while damaging your reputation) without ever attempting to cross your security perimeter. And, the spike in high profile fake Twitter accounts is not even the work of malicious cybercriminals; yet the business impact is the same. Seemingly authentic accounts have been tricking brand audiences to think they are legitimate, despite the off-brand content. Recently, Twitter users have been publishing full-length movies to the platform, indicating their copyright strike system is not functioning properly. If this persists, media companies could see a rise in pirated material, and Twitter could be subject to copyright violation lawsuits. Because national media outlets have covered these Twitter impersonations and copyright violations, the increased attention and awareness have helped mitigate the damage.

Twitter user shares full-length film, Hackers, illustrating an issue with the platform’s copyright strike system.

However, social media impersonation attacks are ubiquitous, and the national coverage won’t last forever. As the stories fade, the vigilance could easily start to wane. Detection, disruption, and prevention are critical to an organization’s cybersecurity program; and as more brand assets move outside the corporate perimeter, taking an outside-in approach to cybersecurity is increasingly important.

How to detect, disrupt, and prevent social media impersonations

Typically, brand-based social media impersonations don’t dominate news cycles, but that doesn’t mean the risk they post declines. Effective brand protection requires ongoing, proactive strategies that can identify and disrupt threats in the gray space – the digital environment beyond your perimeter where brands, customers, and threat actors operate and interact. While this can be done manually, it is an arduous, time consuming process. Consider the following tips:

  • Protect your intellectual property with the appropriate registrations. U.S. patents, copyrights, and even industry secrets can be registered with a government body. This will help the process of reporting and removing stolen IP.
  • Ensure your customers know how to contact your company and customer service representatives. It is equally important to clearly communicate how you do not communicate with customers and what personally identifiable information you do not require.  
  • Adopt automation software tools to detect impersonation attacks. It can help quickly identify irregularities between incoming messages and your company’s address book and help identify known spear phishing tactics.
  • Monitor your brand’s attack surface. Your brand identity lives beyond your organization’s owned environment, across a variety of public platforms like social media, website, and mobile apps. External cybersecurity strategies leverage AI-driven technologies to scale monitoring for and detection of fraudulent social media accounts, spoofed websites, and other threat infrastructure.
  • Arm your employees to recognize common social engineering scams with regular training exercises. Phishing, impersonations, and spoofing tactics don’t require deep technical expertise. They exploit human behavior. The better your employees become at identifying the signs of a scam, the safer your brand will be.
  • Proactively remove fraudulent infrastructure. Today’s attack surface doesn’t lend itself to a manual process – though it can be done – but with the rise in online scams, there has been a rise in digital risk protection tools and vendors that can automate the takedown process.

As more brand assets move outside the corporate perimeter, taking an outside-in approach to cybersecurity is increasingly important.

Impersonation scams are here to stay

While social media platforms come and go (anyone remember Friendster?) and Twitter’s future is uncertain, there is nothing to indicate impersonation scams are going away. On the contrary, with more information publicly available, these scams are likely to continue growing in popularity. Securing your brand and protecting its identity from impersonators and cybercriminals means adopting external cybersecurity strategies to proactively defend against these effective threat tactics that deploy beyond your endpoint. 

See ZeroFox in action