Social media impersonation: What is it and how to stop it

Date: 03 March 2021
Author: Red Points

Your customers’ security is paramount to you and your organization. That’s why cyber scams like brand and social impersonation harm businesses of all shapes and sizes. According to the Federal Bureau of Investigation (FBI), impersonation attacks have caused global losses upwards of $5.3 billion. By stealing your clients’ sensitive information and money, this can erode the confidence of the victims and ultimately impact your customers’ trust in your organization.

What is social media impersonation?

Impersonation or identity theft in social networks refers to accounts that use the name, image or other identifying elements of a person, company or organization for fraudulent purposes. They differ from other legitimate uses of a brand or person, such as fan accounts, parodies or criticism and information pages.

Types of impersonation

There are many different types of impersonation, from phishing scams that ask for personal information to be sent to an outside account to full-blown online fraud that has you buying products from illegitimate sellers. Here are some of the most common ways scammers have been impersonating brands:

  • Phishing: by impersonating a brand (or its employees), scammers seek to obtain sensitive customer information or data, such as social security numbers, passwords or bank details. The financial sector (particularly many FinTech companies, which tend to have more interaction with their users through social networks) is one of the most impacted by these practices.
  • Counterfeiting: these are fake pages of a brand that try to deceive its consumers by selling them inauthentic products. They often operate through aggressive advertising campaigns that target brand consumers and redirect them to a website outside the social network where the transaction takes place. This practice affects a multitude of industries, but is particularly relevant in the luxury and fashion industries.
  • Fake news: these are accounts that impersonate politicians, celebrities, public institutions or advertising agencies, among others, with the aim of disclosing false information and news.
  • Scams: although not always carried out by impersonating a third party, many of the main frauds on the Internet (coupons, romance fraud, 491 scam, account takeover, etc.) have their origin in identity theft through social networks.

How do impersonators operate?

The way impersonators operate is very diverse and depends on the social network, the objectives pursued by the impersonator and his level of sophistication. However, there are some common behaviors that have been observed in different impersonation attacks:

  • There is usually a correlation between the number of impersonations a brand suffers from and its social media presence. At one end, brands that do not have an official account are often an easy target for fraudsters, who will try to take advantage of this gap to deceive the brand’s followers. At the other end, we tend to observe that brands with more presence (number of followers, posts, campaigns, etc.) are also a prime target for impersonators, as they know there is a large base of brand customers to defraud.
  • Impersonators often use the same photos, names, descriptions, posts, hashtags, etc. as the official accounts. It is also common for them to impersonate “support” or “customer service” pages or run raffles and promotions. The fact that a given account has few posts does not imply that it is risk-free: it may be sending private messages or running aggressive ad campaigns on the social network and redirecting those affected to external web pages on which to defraud them.
  • On many social networks, newly created accounts can take up to several days to appear in search results. The most sophisticated impersonators take advantage of these periods when they are less visible to launch very aggressive attacks, often through ad campaigns targeted directly at the brand’s consumers.
  • The type of social network strongly determines the forms of impersonation. On networks such as LinkedIn, for example, impersonations of brand executives or employees are more likely to be encountered. In networks such as Facebook, impersonations are most commonly done through “Pages”, although sometimes they are also carried out through “Profiles”, “Groups” or “Events”. It is important to understand the way each platform works and its audience in order to correctly identify the different types of impersonation.

The article continues on the Red Points’ blog.

Wish to find out more about online fraud, the impersonation techniques, and how to protect your brand? Join our webinar on March 18th!