Don’t Fall for a Fake: There’s No Such Thing as a Free Gift on Social Media
July 5th, 2016
You can find them on all social media platforms: LinkedIn, Facebook, even Twitter and Instagram. Corporate social media accounts which, for one reason or another, don’t look quite right. Many of these suspicious-looking “Official” social media accounts claiming to represent companies or organizations have no association whatsoever with those organizations.
This is the first in a series of posts in which we will dive deeper into this fraudulent world and provide you with insights to better understand the risks and actionable tips to minimize your risk.
Why Do People Fake Company Profiles?
People are much more inclined to connect with entities on social media that they are familiar with in the outside world. Fake company profiles enable criminals and fraudsters to appear to be legitimate and thus appear trustworthy to other users. This trust can later be exploited to divert users to a malicious site or to open a message bearing an infected file.
Fake accounts can also be used to conduct psy-ops and affect online political campaigns, for instance, to tarnish a candidate’s reputation. They may also be used for commercial purposes to gain insights into competitors’ accounts or to manipulate public perception and stock prices. Imagine if a fake ‘Nike’ account, listed as ‘Nike-US’ or the like and with thousands of followers, tweeted a racist remark. The impact on Nike’s stock price would be immediate, and they would have to invest heavily to counter the resulting public-opinion and media onslaught.
Whilst some fake profiles are no more than pranks, they present numerous dangers to unsuspecting customers, regardless of the motivation behind their creation.
Fake accounts are not only a nuisance; they also threaten organizations. They divert “would-be followers” from official accounts, endanger the reputation of the company, and may even expose an organization to libel charges (which will be proven false in court, but the hassle and legal fees will be substantial). Moreover, fake profiles can easily be exploited for phishing, social engineering and distribution of malware.
Attributes of Fake Accounts
The aim of a fake profile is to confuse users into believing that they’ve reached a legitimate social media profile. There are several ways to achieve this:
- Typosquatting: Using common misspellings or syntax to look and sound like a company name. This can also be achieved by mixing or adding characters in the name, e.g. swapping an "o" for a "0" (zero), or a "w" for "vv", etc. This is a common practice adopted from the phishing domain.
- Feigning to be a local branch of a global organization, e.g. ‘HSBC Israel’, ‘Facebook Germany’, etc. In such cases, syntax and spelling remain the same and the company’s characteristics (logo, images, etc.) will likely resemble those employed officially.
- Adding terms such as ‘contact’, ‘info’ or ‘help’ to the organization’s name in order to encourage user interaction.
- Offering gifts or promotions such as coupons to lure people to fake profiles. The “offers” will be represented in the account name, using terms such as ‘free’, ‘coupons’ or ‘gifts’.
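The four attributes above can be screened for mechanically when monitoring for accounts that imitate your own brand. The following is an added example, not code from the original post: the function names, the reason labels and the region list are assumptions made for illustration, and the look-alike swaps and lure terms are the ones the list names.

```python
import re

# Substitutions and terms taken from the post's list. The region entries are a
# constructed sample built from the post's examples; extend both for your brand.
LOOKALIKES = (("vv", "w"), ("0", "o"))
TERMS = {"contact": "support-term", "info": "support-term", "help": "support-term",
         "free": "gift-term", "coupons": "gift-term", "gifts": "gift-term",
         "israel": "local-branch", "germany": "local-branch", "us": "local-branch"}

def normalize(text, swaps=LOOKALIKES):
    """Lower-case, drop separators, then undo look-alike character swaps."""
    text = re.sub(r"[^a-z0-9]", "", text.lower())
    for fake, real in swaps:
        text = text.replace(fake, real)
    return text

def edit_distance(a, b):
    """Levenshtein distance, used to catch single-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def screen_handle(handle, brand, official):
    """Reasons `handle` imitates `brand`; [] if official (lower-case set) or unrelated."""
    if handle.lower() in official:
        return []
    core, target, reasons = normalize(handle), normalize(brand), []
    stripped = True
    while stripped and core != target:       # peel stacked terms off either end
        stripped = False
        for term, label in TERMS.items():
            ends, starts = core.endswith(term), core.startswith(term)
            if core != target and len(core) > len(term) and (ends or starts):
                core = core[:-len(term)] if ends else core[len(term):]
                reasons.append(label)
                stripped = True
    if core != target and edit_distance(core, target) > 1:
        return []                            # not close to the brand name
    if core != target:
        reasons.append("misspelling")
    elif normalize(brand, ()) not in normalize(handle, ()):
        reasons.append("lookalike-characters")
    return list(dict.fromkeys(reasons)) or ["unofficial-exact-name"]
```

A distance-1 match is a heuristic and will also flag unrelated short names, so treat the output as a review queue. A brand whose own name begins or ends with a listed term needs that term removed from `TERMS`.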
Other suspicious content requires more careful analysis. If the profile name appears genuine, but the content itself seems too "intense" (for instance, the use of many question marks, smiling emojis or promises to give away gifts and money), the legitimacy of the account should be questioned. Similarly, images with text which is difficult to read (making syntax and spelling errors hard to spot) and an amateurish appearance are typical tell-tale attributes of a fake profile.
How to Prevent Falling For Fake Profiles
- Only trust Twitter and Facebook accounts that are marked by a blue ‘V’. This signifies that the account is verified by the social network operators.
- Check whether there is a link to the social media account on the company's official web page.
- Be wary of any unexpected additions to the user handle.
- Trust your instincts: if you feel like the profile's content or description is trying to encourage you to do something you didn't originally intend, such as entering a 3rd party link or filling out personal details, you should probably avoid doing so.
Other indicators include:
- An account that offers things which seem too good to be true, such as gift cards, discounts or vouchers, etc.
- The account's language seems too “low” for an official account
- The profile looks immature or childish
Each of these characteristics can indicate that the account is fake.
In future posts, we will explore the dangers of fake personal profiles and suggest some ways to mitigate them.
This post was composed by IntSights Cyber intelligence analyst Haim Glikman.
Maya strives to provide security teams with the knowledge and tools needed to enable proactive defense against emerging cyberattacks.