Social Media Fraud Increasing Faster than Inflation
During the worst of the COVID-19 pandemic, social media became a lifeline to connect with others on a personal level during quarantine. On a business level, social media became a dominant method to reach customers. Unfortunately, it also became an even more popular, easily adapted tool for criminals to use to gain access to potential victims.
Remember when your parents said not to trust anyone online? Turns out, they were right. According to the U.S. Federal Trade Commission's Social Media Fraud Report, social media fraud reports in 2021 accounted for an estimated $770M in losses.
Social media is often ignored in discussions of cybersecurity awareness and proper cyber hygiene at a business level. However, protecting yourself and your business on social media is key to staying safe in the gray space: the online space where you and the adversaries both interact with your customers.
Social Media Scams by the Numbers
Social media scams nearly tripled between 2020 and 2021, according to FTC data. These scams include those targeting businesses and individuals alike.
Below in figure 1, you’ll see the FTC data on reports and losses from social media scams. In figure 2, you’ll see ZeroFox data on the number of takedowns social media companies accepted on behalf of our customers. Comparing FTC and ZeroFox data, our takedown volume is likely a leading indicator of substantial losses from social media fraud in 2022.
Additionally, the ZeroFox Quarterly Threat Landscape Report has consistently found social media and social engineering scams to be a leading threat to businesses, accounting for 98% of all cyberattacks.
What does this mean for you? Whether you’re on social media for your business or you’re using a social media site for personal reasons, you are at risk of being targeted.
Examples of Social Media Fraud
Social media fraud is a blanket term that can encompass any type of fraud that happens on a social media platform. This might range from fake storefronts to spoofed accounts leading to phishing domains (and everything in between, like getting a DM from a “Nigerian Prince”). However, the FTC has reported three major types of social media fraud that are driving these high numbers.
- Investment scams: These have increased as the popularity of cryptocurrencies and “meme stocks” accelerated in 2021. For example, you might recall the major meme stock surges that took place with GameStop, AMC, and Bed Bath and Beyond in recent years due to group conversations on Reddit and other social media sites. This can have major implications for both businesses that experience major stock changes and people who sink their money into these scams.
- Romance scams: Unsurprisingly, these increased during the pandemic. Criminals prey on people looking for love. Often, the pretext used is that of a military member serving overseas. ZeroFox has successfully worked with social media companies to take down more than 89,000 impersonations of U.S. Department of Defense political appointees and general officers in the past five years.
- Online shopping scams: In this scam, criminals use fake storefronts and lookalike social media ads to lure in victims. These victims frequently identified Facebook and Instagram as the platform where the fraud started. For example, you might see an ad for something that seems too good to be true, and since Facebook ads don’t show on the traditional news feed, it is easier for scammers to hide the scammy ad once they’ve had enough people take the bait.
Of course, these are only a few examples of the types of social media fraud that exist. It’s important to note that these can impact people on both a personal and professional level. Further, even if you think you are vigilant about online security and would never fall for a scam, let me assure you: it can happen to anyone.
A few examples of social media fraud that happen against businesses outside of those already mentioned include:
- Account impersonations/spoofing: This happens when a fraudster steals your company’s branded assets, like logos and other identifiable content, and creates an impersonation account of your brand or executives. This can cause major reputational damage, revenue loss, and ultimately tarnish your brand as adversaries target your customers.
- Executive attacks: This is twofold. Your executives can be spoofed just like the brands mentioned above, which can cause reputational damage and harm customers and relationships. On another level, bad actors can trick your executives into giving up company information via social media.
Again, this list isn’t exhaustive and there are other nefarious social media scams lurking online beyond impersonations.
ZeroFox Recommendations for Defeating Social Media Scams
So what can you do to stay safe online when it seems that nothing, and no one, is what they seem on social media? We have a few social media fraud prevention best practices below.
- For individuals:
  - “If it seems too good to be true, it probably is.” You’ve heard that before. And it’s true. Consult a licensed financial professional before investing based on social media tips.
  - Never send money to someone you met through social media without verifying they are who they say they are.
  - Use multifactor authentication, like the many authenticator apps from Microsoft, Google, and LastPass, to add a second security control when logging on to social media accounts.
  - Use a unique password or passphrase on every social media site to prevent one compromised credential from leading to complete takeover of your online world. Browser-owned password managers or managers from companies like Dashlane, 1Password, or LastPass help users create and maintain unique passwords.
- For businesses:
  - Use a two-person authorization system for larger transactions to help reduce the likelihood of a scammer tricking an employee into sending large amounts of money.
  - Consider a trusted external cybersecurity provider to continuously monitor social media for abuses of your brand and automate the takedown of misleading ads.
  - Implement protections for your brand and executives to monitor for impersonations and spoofed accounts online.
  - Implement commercial social media management tools integrated with your own company’s identity and access management tools (e.g., Okta, Microsoft) and standards to prevent account takeover.
Social media management is part of a greater external cybersecurity strategy. To learn more about external cybersecurity, download our new Guide to External Cybersecurity.