Labs

That’s Not You: Social Media Impersonation and Phishing

Social media impersonations come in all flavors and for a variety of purposes. Facebook reported that for 2015 up to 2% of its monthly average users—31 million accounts—are false, and Twitter estimates 5%.

One of the more nefarious purposes for social impersonation is victimizing unsuspecting people who may believe they are legitimate accounts—especially those looking for help or support. A technique this set of social imposters uses is mass phishing campaigns. From RiskIQ’s years of historical blacklist information, the RiskIQ threat research team discovered the fraudulent Twitter account @tescobankhelpe, which attempts to disguise itself as a support account for a major UK-based bank:

Social media impersonation comes in all flavors.Twitter estimates that for 2015 up to 5% of its monthly average users are false.

Just like many phishing websites, fraudulent social media accounts will often use common misspellings of the target brand to fool incautious users. The addition of an “e” at the end of the handle is a giveaway if the visitor to the profile is observant.

This profile is looking for broad exposure in attempting to get victims, tweeting the phishing URL directly. Visitors to the profile will see the malicious URL front and center, while the account plays at legitimacy with the description off to the right including the cautioning phrase “Please don’t post personal data, use private message.”

Clicking into one of the tweeted URL brings you to a web page that looks like an official login, with links to view the community, mortgage management, and registering for online banking along with the username submission:

Social media impersonation comes in all flavors.Twitter estimates that for 2015 up to 5% of its monthly average users are false.

Detecting Impersonation is Easy, But Many Customers Don’t Do It

The phishing URLs used to try to disguise themselves as well, with names such as hxxp://tesco-creditcard-services[.]890m[.]com/, hxxp://tescomobileupdate[.]16mb[.]com/, and hxxp://online[.]tescobankservice[.]5gbfree[.]com/. These names are used to fool a casual observer, but someone who is paying close attention should immediately become suspicious when reviewing the domains. 5gbfree[.]com, for instance, is a free hosting provider, and it is doubtful that any financial institution would use their service for online banking.

This profile is just one example of many where threat actors are trying to lure in unsuspecting victims on social media sites that they believe are safe, such as Twitter or Facebook. Unfortunately, the combination of trust in the social media site and in big name brands that use these sites to help their customers is perfect for the bad guys trying to trick a lot of victims out of their personal information. Being critical of the profiles you’re visiting is a major step in browsing social media safely, but many consumers do not practice enough caution.

Protecting Your Customers on Social Media

In the age of social media, having an advanced social threat detection strategy is critical. The low barriers to entry and high visibility of social media make it a fast and powerful tool for threat actors seeking large audiences with which to commit fraud.

RiskIQ External Threats taps our virtual user technology to offer an enterprise solution that detects and eliminates social media-based threats like impersonation against an organization, its employees, and its customers. Our platform correlates and contextualizes threats in all social media channels with other web and mobile data for comprehensive threat detection.

Subscribe to Our Newsletter

Subscribe to the RiskIQ newsletter to stay up-to-date on our latest content, headlines, research, events, and more.

Base Editor