A new academic study of more than 1.3 million social media accounts was given recently at this month’s Usenix conference in Philadelphia. The paper, entitled The Imitation Game: Exploring Brand Impersonation Attacks on Social Media Platforms, makes for interesting reading and sadly shows just how well developed this ecosystem is. Ironically, as business brands pay more attention to social media interactions with their customers, they also enable imposters to launch attacks because people now expect companies to interact with social media. This means that there are many scam accounts that impersonate the brands to create confusion. These lure customers into providing private data and can result in stolen funds and further attacks. The research claims to be the first large-scale measurement of the social scamming ecosystem.
The research team, which was composed of academics from Germany and the US as well as from Paypal, identified almost 350,000 usernames performing various typosquatting techniques to impersonate more than 2,800 brands across Twitter (I know it is called something else, don’t remind me), Instagram, YouTube and Telegram.
Typosquatting is using deliberate typos in user and domain names to make it appear that paypel_support is really the people answering your connection problems. It is not a new problem when it comes to domain names, but as I wrote earlier this year for DarkReading, its use is proliferating in a variety of ways. One way that I didn’t mention is how fraudsters are using it across social media networks. Twitter “is the primary platform for brand impersonation attacks, with fraudsters frequently using typosquatting in their usernames. Roughly a third of these deceptive profiles also use official logos to appear more legitimate.”
The team found that brand impersonation involves multiple steps: after setting up a fake profile (oftentimes using the real brand’s logo to lend legitimacy), the fraudsters engage with customers through posts and offer phony incentives such as discount cards, free services and the like. But the attackers then collect sensitive data, including identities, credit card numbers and other details that are used to engage them in other fraudulent activities.
The most commonly targeted brand is Netflix, which is troubling because right now Netflix is sending out numerous legit messages heralding a change in their account pricing. Apple is the second most targeted brand.
The researchers have several suggestions to try to stem the tide, but admit these will be tough to implement. One of them is pretty obvious: in their work with Paypal, they found that many brands haven’t done their homework and failed to use Know Your Customer methods and continually scan for stolen identities, monitoring their brand mentions online or check for fraud card usage. One recommendation is to send out a quick autoresponse to a customer query to try to engage them before the scammer does. Another is for social media platforms to validate a brand when a new account is created, so that the owner of the proposed paypel_support account really is someone@paypal.com and not fakeuser123123@gmail.