The financial industry continues to experience the largest volume of abuse among all industries on social media. In Q3 banks, credit unions, and other F.I.’s contributed to nearly three-quarters of all attacks on social platforms, with national banks alone more than tripling the volume of the top targeted non-financial, retail.
The top threats to financial institutions on social media consist of fraud, impersonation, and cyber threats such as hacking. A successful attack can negatively impact a financial institution’s reputation and incur revenue loss. While threats on social media should be actioned swiftly and completely, identifying abuse and successfully taking down the threat can be problematic. Below, we discuss best practices for mitigating social media threats targeting financial institutions.
Common Threats & Where They Live
The most common threat types targeting financial institutions on social media are fraud, cyber threats, and impersonation. Fraud may include the unauthorized sale of account credentials, exposure of banking details, or any incident designed to provide illegal gain to the threat actor.
Cyber threats include anything that causes a cyber risk to the victim, including hacking.
Impersonation is present to some degree in most attacks, with criminals using the stolen trademarks or images of a brand or executive.
These threats are located on criminally-owned and compromised account pages, and posts. Many attacks impersonate brands using the logos, copy, and imagery of the targeted financial institution to convince victims of their legitimacy.
Attacks targeting financial institutions exist on most social platforms, however they are especially prevalent on the top social media sites. The leading social media platforms have reporting features to communicate malicious activity on a page or post, and security teams should collect and submit all information directly or indirectly related to suspicious activity.
It is especially important that security teams prioritize relationships with platform providers to expedite the removal of malicious activity.
What is Required for Takedown
While criminals rely heavily on brand impersonation to masquerade as a trusted bank or credit union, brand abuse is not always obvious on social media posts or pages. To remove content, most platform authorities will require unmistakable evidence of fraud, and security teams should be prepared to submit all available incidents of abuse. Mitigation criteria includes:
- Logos
- Copyrighted material
- Trademarks
- Any context around the suspicious page or post
- Direct mentions of client in question with intent to commit financial fraud
- Break in terms of service
Threat actors will also incorporate links and spoofed domains into malicious posts and pages that lead victims to third party sites on the open web. Security teams should submit all active links to sites hosting malicious content, as well as any look-alike domains.
Criminals have the ability to quickly create and modify content on social media and may alter a threat to appear generic once it has been reported. To reveal past abuse, security teams should use platform security feeds to submit as proof of former misconduct.
The average financial institution has seen a jump in malicious behavior on social channels since the onset of 2022 and can now anticipate nearly 72 attacks per month, according to the latest data from PhishLabs. In order to quickly detect and remove abuse, security teams should prioritize the gathering of relevant data targeting their financial institution and establish relationships with platform providers to expedite the investigation and mitigation process.
To learn more about threats on social media, check out:
