Top 6 Threats to the Media & Entertainment Industry on Social Media

Top 6 Threats to the Media & Entertainment Industry on Social Media
5 minute read

For highly-visible industries, media & entertainment chief among those, staying competitive means maximizing exposure where viewers and customers are most active -- social media. But while exposure has been a game changing benefit for marketing, advertising, sales and recruitments teams, exposure has a radically different meaning to security, risk and compliance.

In the world of social and digital channels, security is the fastest growing threat vector and cyber criminals have found an all new medium to go after the media & entertainment industry.

Over the past 4 years, ZeroFox has worked with dozens of media & entertainment companies both big and small, from local news stations to highly-visible celebrities to the best media conglomerates on earth. Social and digital risks impact these organizations across the board. Here are some of the most common threats to the media & entertainment industry:

Account Takeover

Example: Hijacked brand account distributes malicious links and fake news to followers, damaging fan engagement

A media company’s social media profiles are incredibly valuable assets, just as important (if not more so) than the website or the corporate network. So much of the brand’s value and its ability to reach an audience is dictated by those owned social media accounts. And because media organizations invest millions into building followers, engaging and turning social reputation in dollars, attackers value these accounts too.

Account hijackings always make the headlines. For media organizations with sizable followings, the fallout can be devastating: millions of lost followers, public relations nightmares, lost customers and decreased engagement. At the scale of social media, this cost can be huge. Even a 1% dip in social ROI can have lasting consequences for big brands. The reputational damage is harder to quantify but equally problematic.

Attackers have a variety of ways they breach a social media account, but it can range from brute forcing insecure passwords and targeted phishing schemes against social media managers to breached 3rd party apps and lax security at a partner organization, such as a digital marketing agency.

Although account takeovers are infrequent, when they do happen they make headlines and can have dramatic repercussions.


Example: Attackers post malicious links to company Facebook Page that redirects followers to fake company domain harvesting PII

The cyber criminal’s bread and butter, spearphishing, performs incredibly well on social media. Social media is an inherently trusted platform, lacks security visibility, and broadcasts its users to nefarious actors. A cybercriminal can footprint an entire financial institution with no more than a LinkedIn query.

Attackers create fake accounts — an impersonation of the media institution’s talent, executives or support account — and engage with their target at the company. These targets are often other executives, anyone who’s a worthwhile target or has access to sensitive data, such as IT admins, HR or celebrity talent. As long your company has people, spearphishing will continue to be the top way to breach the corporate network.

Physical threats

Example: Social chatter telegraphs physical threats against VIPs and events

Media organizations often work closely with public figures and celebrities. They also leverage physical spaces for events, marketing promos, sponsorships and much more. Both people and physical spaces are subject to physical threats posted publicly on social media and digital channels. Rapid access to this data can help avert disaster, as in the case of a would-be shooter at a Pokemon convention who was arrested after posting his plot online.

Even if a bad actor isn’t openly threatening a celebrity or event, posts made by organization-affiliated accounts can increase risk. If a highly-public person posts about their whereabouts, travel plans or lodging, they can be targeted by robbers and physical attackers. This happened to Kim Kardashian in Paris, who, after posting about her hotel room on Instagram, was held hostage and robbed by attackers who gained intel via her public posts. Earlier posts showed Kardashian sporting incredibly expensive jewelry made her even more of a target, and the thieves made off with $5.6 million in stolen property.

Media organizations can collect this intelligence, both inbound and outbound, to bolster corporate security practices and identify at risk executives or VIPs who are disclosing a dangerous amount of information.

Customer fraud

Example: Spoofed Twitter customer support accounts defrauds customers and advertises pirated content

With so much engagement occurring online, scammers are quick to exploit interactions between customer and brand. Attackers create fraudulent brand profiles and support accounts and engage with followers discussing the the company and its content. Once trust has been established that the account is a genuine representative of the brand, they extort hard earned followers into disclosing credentials, filling out fake surveys, giving up credit card information or downloading malicious code.

These customer scams run rampant on social. They are difficult to catch at scale and pop up again once one is taken down. Social media offers scammers an easy to use platform with the ability to engage with billions of other users.

Brand & VIP impersonations

Example: Fake profiles on Instagram scams customer’s credit card info and erode trust in the brand when making buying decisions

The most popular cybercriminal/scammer tactic on social media is creating fake accounts to engage in all forms of social engineering. Building a fake account is trivial, and even non-technical adversaries can build a convincing fake account with images, logos, and messaging lifted verbatim from the real account. The accounts, such as fake celebrity profiles, engage fans and followers of the actual media & entertainment firm to extort money and distribute malicious links.

The range of attacks that can be launched via an impersonation account is massive. Fraudulent accounts scam customers, socially engineer sensitive data from privileged access employees, spearphish executives, disseminate phishing links at scale, extort followers and more.


Example: Unaffiliated accounts hijack marketing hashtags to advertise pirated content on fake websites

Social media is every marketer’s favorite new tool, even if the goods and service they advertise are illegal. Pirated content, an inherently digital product, thrives on digital marketing channels. Pirates can hijack the existing conversations around a given piece of content, even using your own marketing hashtags, to siphon off clicks and dilute revenue.

To find out more about the ZeroFox Platform, which provides automated threat detection and remediation across social, digital, deep & dark web, mobile and collaboration platforms, visit

Tags: Cyber Trends

See ZeroFox in action