Impersonating through social media

Impersonation is where users create social media accounts mimicking a legitimate account. Such impersonators are found across all online social platforms, which are widely used by celebrities, influencers, businesses, and public figures having different levels of popularity. Your customers’ security is paramount to you and your organization. That’s why cyber scams like brand and social impersonation harm businesses of all shapes and sizes. According to the Federal Bureau of Investigation (FBI), impersonation attacks have caused global losses upwards of billions. Stealing your clients’ sensitive information and money, can erode the confidence of the victims and ultimately impact your customers’ trust in your organization. In this post, we will take a look at the different types of impersonation, and how brands can fight back. Impersonation or identity theft in social networks refers to accounts that use the name, image, or other identifying elements of a person, company, or organization for fraudulent purposes. They differ from other legitimate uses of a brand or person, such as fan accounts, parodies or criticism, and information pages. More and more people, regardless of age and gender, are signing up for profiles on online social networks to connect with each other in this virtual world. Some have hundreds or thousands of friends and followers spread across multiple profiles. But at the same time, there is a proliferation of fake profiles also. Fake profiles often spam legitimate users, posting inappropriate or illegal content. Fake profiles are also created while misrepresenting some known person to cause harassment to him/her.

1. Block profiles from public searches.

2. Restrict who can find you via online search.

3. Limit what people can learn about you through searching on the net.

4. Log out after each session.

5. Don’t share social media credentials.

6. Don’t accept friend requests from unknowns.

7. Don’t click suspicious links.

8. Keep the privacy settings of your social media profile at the most restricted levels, esp. for the public/others

9. Remember that information scattered over multiple posts, photographs, status, comments, etc. may together reveal enough about you to enable a fraudster to steal your identity and defraud you. So, apply maximum caution while sharing anything online

Such impersonators are found across all online social platforms, which are widely used by celebrities, influencers, businesses, and public figures having different levels of popularity. Although many impersonators may be harmless, there also exist nasty fake accounts that focus on defamation or asking for money as soon as they are connected.

Impersonators are highly organized when it comes to brand impersonation. They have a focussed plan and approach, produce pre-planned untrustworthy content, and abuse or generate fake negative engagement. Social media has also become a popular place for hackers to release their malicious content as well. Phishing and Malware have started to come into the social media environment, with malware and phishing URLs being shared and linked on social media websites; which are then spread across social networks using social engineering.

Another tactic is by embedding fake QR codes into a phishing email, text, or via social media. Upon scanning the bogus code, users are directed to websites with realistic-looking landing pages, where the victim may be prompted to log in by entering PII (personally identifiable information).

A forged QR code also has the potential to connect to an unsecured Wi-Fi network or automatically navigate to a malicious link. Phony codes may also take you to websites where malware can be automatically downloaded and used to steal sensitive information from your device, or even transfer spyware or viruses.

Public QR codes (like at fuel stations or kiosks) also pose a problem as cybercriminals may swap them by replacing their own QR codes over genuine ones to make money flow into their account. The problem is, there is no way of reading the information contained inside the code before exposing the device to the unsuspecting fraud. It’s critical to pay close attention, even to small details while making payments or transactions using QR codes. It is best to pay using these, only insecure and familiar environments. Remember that the risks of scanning an unknown QR are like clicking on links in unknown messages – treat a QR code like any other link – don’t follow it if you don’t fully trust the source. Once you scan the QR, a pop-up to view its embedded URL must emerge. If there is no URL, or if it seems like a shortened one (like bit.ly) – be cautious. It’s best to install a QR scanner that checks or displays the URL before it follows the link.

Install and update security software regularly across devices. If you suspect any suspicious activity – immediately contact your bank and have them change your login credentials. You may also consider contacting the police and registering a formal complaint with the cyber cell or even an online complaint on the National Cybercrime Reporting Portal – cybercrime.gov.in.

Although the QR codes themselves are a secure and convenient mechanism, we expect them to be misused by cybercriminals in 2021 and beyond. Knowledge of QR code fraud may lag significantly today, but vigilance on our part will ensure the difference between the QR code being scanned and us being scammed.