Threat actors increasingly use social media to attack brands, VIPs, and customers. The types of threats on these platforms are diverse and each social network has different policies in place for how they respond to reported attacks. As a result, mitigating threats on social media can be a frustrating and time-consuming process for security teams. In this post, we break down some common social media threat types and the evidence needed to remove them.
Security teams need multiple takedown avenues to move forward with based on the threat at hand. Understanding the criteria each social network requires and building solid relationships is critical for effective social media protection.
Threat Type: Impersonation
Most social media threats involve some form of impersonation. Bad actors rely heavily on impersonation because it adds credibility to the scam. Incorporating impersonation to any threat type on social media will maximize its effectiveness.
Executive and Brand Impersonation scams can be found across all major social media platforms. Instagram and LinkedIn have the greatest reach to the targeted audience, and are primarily abused.
Fake LinkedIn Profile
Reporting an impersonation scam is an intricate process and does not follow a one-size-fits-all solution. Direct contact with the platform is required.
Mitigation Criteria:
- Proof that the profile is not a parody account
- Proof that the name and photo of person impersonated is present on the post
- Legitimate profile of the victim is optimal
Threat Type: Financial Scams
Financial scams are most commonly seen on the social media giants Twitter, Facebook, and Instagram. These are the most frequently observed threat types in conjunction with impersonation.
Types of financial scams include: Deposit fraud, money-flipping, card cracking, tech support, and fake employment opportunities.
Deposit Fraud
Security teams can submit reports directly to Twitter and Facebook regarding malicious financial activity. Individual reporting is also possible through profiles on those platforms and through Instagram.
Mitigation Criteria:
- Direct mentions of client in question with intent to commit financial fraud
- Posted login details
- Break in terms of service
Threat Type: Cyber
Cyber threats on social media include phishing-related links or pages, as well as malware. These types of threats are found on all major social networks including YouTube and paste sites. Best practices for takedown involve utilizing the relationship with the platform and individual reporting.
Phishing
Mitigation Criteria:
- Active links to malicious content that are abusive in nature.
- Proof of past posted malicious content
Processes for mitigation can be tedious as platforms aren't simply looking at what content is on the post. Any information gathered through social media risk monitoring that relates directly or indirectly to the threat type should be submitted as evidence to promote a rapid and effective takedown.
To learn more about social media threats, download Navigating Social Media: A Digital Risk Protection Playbook.
Additional Resources: