Social media offers platforms for businesses to connect with customers: a way to improve engagement and an avenue for positive comments and complaints. It also allows average users to create networks of friends and colleagues. Platforms such as Facebook, Twitter, Instagram and LinkedIn also give fraudsters a wide pool of potential victims.
Financial scams on social media have doubled in the past year, but only a small pool of cyber attackers appears to be behind the surge.
According to ZeroFOX researchers, around 250,000 finance and banking scams were hidden on social media platforms, including Twitter and Facebook, in 2016. This estimate has now almost doubled, reaching a total of 437,165 fraudulent campaigns. Based on reported incidents and losses, the average victim ends up losing $414 per scam. The campaigns are the work of a relatively small number of scam artists, 18,175 in total. The firm released a new report titled “External social and digital threats to financial institutions.”
The firm’s researchers say that if every scam claimed one victim on average, this would equate to $180,986,310 in total global losses due to social media-based financial scams.
Three techniques are mainly used on social media platforms to deceive users and pose as financial service institutions. One tactic is for attackers to cast the net as wide as possible on social media.
Land and Expand technique
Attackers use FinServ hashtags and follower monitoring, the process of engaging with the followers of an organization’s brand account, to segment and deliver convincing advertisements to sympathetic user audiences, the researchers say. The most lucrative targets include FinServ customers or prospective customers whose cardholder or other membership status, available funds, and general interest increase their probability of engaging with a malicious offer or falling for a social engineering ploy.
“Once identified, attackers engage offline or out of band, such as via direct message (DM). The attacker nurtures individual leads on a more personal basis until the transaction has finally converted,” the report added.
Another technique is called “land and expand,” in which attackers target specific organizations or users, similar to fraud, and then use these victims to find others of similar interest. Victims are selected beforehand, and scammers observe them before attempting to lure them into parting with financial data. This research into targets may include finding public information, membership lists or groups, “liked” content on social media, timeline information, and demographics.
According to ZeroFOX, both techniques are leveraged to execute scams, for fraudulent campaigns, targeted malware distribution, account takeover and data.