Happy Halloween! I hope you are reading this dressed as a pirate or a princess or your favorite fox (Zero the Fox, of course). Halloween is a big deal at ZeroFOX. Everyone dresses up for a costume contest (take a look at our Instagram on Friday to see our contest winners!) and takes time to celebrate together. Although at times we may wish that it would, the internet doesn’t take time off for Halloween (or any holiday for that matter!). Bad actors are lurking in the shadows, sharing scams on social media and other digital channels like blogs and forums.
Since Halloween is all about the spooky and the scary, we’re compiling some of the spookiest scams you, your team, employees and whole organization should be aware of on social media.
Pretending to be someone you’re not: great for Halloween, not so great online. While you are out dressing up as a ghost or your favorite version of Britney Spears, bad actors are on social media dressing up as their favorite character: you and your brand. Based on previous research from the ZeroFOX Alpha Team, brand impersonations increased 11x between 2014-2016. With Facebook, Twitter and other platforms removing fake and imposter accounts in troves daily, these numbers have only increased (particularly during an election cycle, like the one we’re currently in).
How can we unmask these impersonating accounts before they target your employees, prospects, customers and followers? The best place to start is actually internally. Take stock of the social media accounts your organization owns. You may actually be surprised to find old, unmanaged accounts that you forgot you created as part of a marketing initiative or training effort. Remove those old accounts to create single sources of information for everything you want to convey. Next. work on getting current accounts verified, if they aren’t already. The verification check is critical to help followers distinguish between the real and the fake. Once you’ve defined what you own, you can identify the imposters. Fake promotional, customer support, recruiting, and other brand impersonations should be reported for removal.
Remember, just because your friend had the perfect Oprah costume last Halloween, doesn’t mean that the accounts out there pretending to be Oprah are real.
The Account Thief
Unfortunately, the bad guys on social media don’t limit their malicious activity to Mischief Night (for those of you from anywhere other than the East Coast of the US, this is the notorious night before Halloween). One the most common attacks we find on social that affects individuals and businesses alike is account hacking. Hackers use malicious links aimed at employees or individuals to gain credential information like usernames and passwords. Other common tactics include spearphishing campaigns where a single account hack spreads among the hacked account’s friends and followers, allowing the account thief to capitalize on your friends and followers. For organizations, account hijacking can lead to losses in followers, engagement, customer trust and loyalty and ultimately a loss in revenue.
Avoid account thieves by taking preventative measures, such as creating strong passwords and enabling two-factor authentication. For key brand accounts, consider implementing a solution that alerts your organization to early indicators of account hijacking, from profile picture or bio change to erratic posting and commenting.
7 Years of Bad Luck and Scams
Finding a good deal online can feel like hitting the jackpot. But fake coupons and customer scams on social media can cause that good luck streak to come to a screeching halt. If a coupon or deal seems too good to be true, it probably is.
Bad actors rely on clickbait and false advertising to entice unsuspecting users to click on their malicious links and fake coupons. For organizations that rely on e-commerce and online revenue, these customer scams represent an even greater risk. 96% of Americans with an internet connection have bought something online. This stat is even more relevant as the holiday season approaches with Cyber Monday coming up. Take stock of where your merchandise is being sold and work on identifying any unauthorized resale or sales of counterfeit, stolen or pirated goods being sold on web marketplaces such as Ebay, Amazon, Aliexpress, and other sites where bad actors thrive.
As for coupon scams on social media, communicate directly with followers and customers about where they can purchase your merchandise. Promote real coupons and sales on your owned accounts so customers know where to find the single source of truth for all of your product promotions.
The Ghost of Information Past, Present and Future
Sharing information is a central component of all social media platforms. But the unauthorized sharing of sensitive data and proprietary information is a whole different story. Malicious actors looking to capitalize on selling your past confidential financial statements, present customer lists, and future product plans are lurking in the shadows of social media and other digital platforms you use for business. These actors use phishing, malware and social engineering campaigns to gain access to your proprietary information in order to sell it to the highest bidder.
Secure your information and safeguard your customers from information leakage by ensuring you have preventative and reactionary policies and processes in place for handling data loss. Never share sensitive information on social media and train your employees in proper social media security best practices.
In Summary: The Spookiest Scams on Social Media
Halloween is one of the most fun days of the year. It means trick or treating, pumpkin carving, candy and dressing up in funny or scary costumes. Don’t be scared by scammers and other bad actors on social media. Learn how to prepare yourself and your organization against these and other spooky scams on social media, today and everyday.