Four in 10 Risk Malware from Shadow Retail Brands on Social Media
July 12, 2016
London – July 12, 2016 – New research conducted by OnePulse for RiskIQ, the leader in external threat management, has found that 65 percent of Britons engage with retail brands on social media, with 44 percent saying they click on links provided by brands. The research also found men are more likely to follow a link without knowing where it directs: more than half (51 percent) admitted to being quick to click, as opposed to two in five women (40 percent). However, a rise in brand impersonation means bad actors can exploit user trust by intercepting communication with rogue social media profiles and exposing users to malware, ransomware or credential harvesting sites. Last month alone, RiskIQ’s global crawling infrastructure detected 3.2M active phishing sites and 1.8M sites serving malware and scams.
Bad actors are exploiting this kind of behaviour by impersonating retail brand profiles and using URL shorteners to mask malicious sites. URL shorteners deter users from scrutinising URLs before clicking, and the absence of URL transparency allows threat actors to take a user through a series of redirects before arriving at the intended destination, potentially hosting malware or other unknown malicious content.
This is very much a growing problem: when asked, 72 percent of these people said they engage with retail brands more than they did two years ago. The top channels the public use to engage with or complain to brands are:
- Facebook (44 percent)
- Email (38 percent)
- Twitter (30 percent)
- Website (30 percent)
“There’s a growing trend of malware and ransomware attacks on social media and clicking any link without knowing the source is risky. The blue badge on Twitter or Facebook is easy to miss or ignore as the survey results show. On Facebook, a simple address is all you need to secure a grey badge for your business’ profile,” commented Ben Harknett, VP EMEA at RiskIQ.
Recent reports [1] have highlighted a sharp rise in identity fraud, with fraudsters trawling social profiles for personal information to use for malicious intent. However, the inherent trust of users on social media is making people vulnerable to a number of threats, from identity fraud to ransomware.
When interacting with retail brands on social media, about one in three (31 percent) say they don’t check, or don’t know whether they check, for the blue verified badge. When engaging with retail brands, respondents say they check for:
- The verified badge (53 percent)
- The brand’s other Tweets/posts (42 percent)
- The brand’s replies to other people’s Tweets/posts (40 percent)
- Tweets/posts from other people (32 percent)
- The Twitter handle or Facebook URL (31 percent)
- The brand’s number of followers/likes (24 percent)
“We’ve been conditioned to spot the tell-tale signs of a scam when it comes to email, and we know better than to click on links from unknown sources. However, our interactions through social media take place ‘in the moment’ and as a result, users are even more susceptible to the same kinds of scams that happen on other channels,” Harknett continued.
Top five tips for ensuring safety on social:
- Where your communication involves personally identifiable information, choose an alternative method to communicate with a brand, e.g. official phone number, official email, trusted website.
- Scrutinise the brand’s social page – how long has the page been active? How many followers or number of likes does it have? What are other people saying about that account?
- Be confident of the authenticity of a social account before clicking on a shortened link.
- Check for the verification badge if a brand responds to your post on social media – there are many brands that don’t have them, but it does provide a level of assurance when present.
- Put your “email head” on and think twice before you act.
RiskIQ is a cybersecurity company that helps organizations discover and protect their external-facing known, unknown and third-party web, mobile and social digital assets. The company’s External Threat Management platform combines a worldwide proxy network with synthetic clients that emulate users to monitor, detect and take down malicious and copycat apps, drive-by malware and malvertisements. RiskIQ is being used by leading financial institutions and other companies to protect their web assets and users from external security threats and fraud. It is headquartered in San Francisco and backed by growth equity firms Summit Partners and Battery Ventures.
To learn more about RiskIQ, visit www.riskiq.com.