Protecting yourself from social media fraud

If you have ever replied to a ‘what was the number one song on the day you were born?’ viral post, taken a personality quiz without checking the terms and conditions, or just accepted a friend request from a stranger, then you could have opened yourself up to fraud.

Digital fraud has skyrocketed in the last 18 months. The reason why will not surprise anyone, but the level of ingenuity that fraudsters are displaying would. Far from operating out of bedrooms and basements, cybercrime is an industry accounting for $1tn in revenue, or 1.19% of global GDP in 2020. Other estimates, taking into account theft of intellectual property and post-attack disruption to companies, put the figure at $10.5tn by 2025, making it the world’s fourth largest economy. This is an industry that works in parallel to the anti-fraud industry that we are a part of, with its own seminars, training programmes, respected elder statesmen and innovative start-ups. And since the beginning of social media, fraudsters have been using it to gather information.

The last point is key: social media will not be the primary way in which fraudsters get money or information from your company, but it is a treasure trove of information. By piecing together what is out there and adding some creative social engineering, fraudsters can put themselves in a position from which they can seriously damage your reputation and finances.

So how are fraudsters using social media to commit fraud against businesses, and how can you protect yourself?

What social media fraud looks like

It is trivially easy for fraudsters to find the names, faces and work history of somebody they want to target at a company through LinkedIn. From there it is often easy to find the same person on Facebook, Instagram, and Twitter. If, for example, a fraudster wanted to access a company’s email servers, they could find that company’s IT manager on LinkedIn, then hop over to Facebook. From there fraudsters have a range of options at their disposal. Perhaps they can catfish their target, or even commit romance fraud and then blackmail them for passwords. They could also copy the account of one of their target’s friends and send keylogging software disguised as a funny video. Perhaps the employee has said something that could get them fired and can be blackmailed, or perhaps they have revealed that they are a member of a commonly used website and can be sent an email with a spoofed address asking them to enter login details. The methods are limited only by a fraudster’s time and imagination.

When it comes to CEOs and founders, there are even more options available. Today, CEOs are often treated like mini-celebrities, and will have to do interviews and Clubhouse talks and keep up appearances on social media. They are also human beings who use social media to talk to friends and even date. As they are often the person at a company with the most power to send fraudsters money, they are popular targets. There are probably more CEOs than we know, and likely quite a few famous names, who have fallen victim to romance fraud, and plenty who probably wish that they had deleted old social media posts before they came back to haunt them.

What can your company do?

The first step is to recognise that social media is a vector for fraud and that personal accounts are as likely to be used in a fraud attempt as work accounts. From there, there is a lot that you can do.

Firstly, use strong, unique passwords on all of your social accounts. Although this can be time-consuming and make these accounts harder to access, it will go a long way towards stopping attacks.

Then, it may be worth cleaning your old social media posts so that the information in them cannot be used against you. There are ways to automatically delete posts older than a certain date for Facebook, Twitter and other platforms that can be useful here.

Secondly, you will need clear security protocols for your team’s social media use. That can be a hard pill to swallow for teams used to unlimited freedom online, but it does not have to be onerous – you don’t have to ban the use of dating apps in case your employees are catfished. You can start by educating employees on how social media fraud works and letting them know that what they do in their own time can have major impacts on the business. Have plans in place for a potential breach, for blackmail and for the reputational damage from having embarrassing data leaked.

Staying social but safe

Social media can be a great tool for business and individuals, but it has major pitfalls if you are not careful. Knowing the risks and having plans in place should allow you to post in peace.