Story image

Why cybercriminals are corrupting popular social media platforms

06 May 2018

Although cybercrime is commonly perpetuated through the dark web, criminals are reaching out to the world’s most popular social media platforms and accessible to anyone – at least that’s according to a recent blog by RSA.

In 2016, security firm RSA found that criminals were using Facebook, QQ, and Baidu for their activities, but that has now extended to platforms including Instagram, Snapchat, Telegram, and WhatsApp.

This is because social media platforms have the potential for mass communication. Fraudsters are attracted to them as ‘control stations’ for their social lives and business, says RSA’s Heidi Bleau.

Now fraudsters are targeting legitimate platforms to create a new type of fraud market – one that has a global reach.

Bleau also suggests that there are a number of other reasons that criminals are attracted to social media, including anonymity; exclusive invite-only capabilities; and mobile integration.

Unsurprisingly, social media allows for a level of anonymity that criminals can use to create a user profile and email address completely unconnected to their real-life credentials.

“Not only can malicious actors have one anonymous account, but they can – and often do – have dozens or more, ready to be activated,” Bleau says.

Social media can also be tailored to invite-only functionality, which provides a safe haven from those who may report or sabotage criminals’ plans.

Mobile integration allows real-time monitoring access, which means criminals are able to work faster.

Social media platforms themselves may also be evolving in a way that accommodates cybercrime. Bleau explains:

- Extended Feature sets. In the past, there was a clear distinction between instant messaging platforms and social media. However, during the last few years, those same platforms which have been used solely for the purpose of peer-to-peer communication, have evolved into something more and are used in the same way as social media.   - Multi-platform models. All fraud groups in social media can be thought of as one uniform sphere, with fraudsters often advertising groups/contacts from one platform in another one, and alternating between two or more platforms even during conversations. Moreover, the content shared in the various social media groups is inherently similar, and mainly serves to increase the fraudster's reputation and customer base.

- Criminals are users, too. While there are differences between the platforms and particular reasons to choose one over another, fraudsters generally behave like typical social media users: most try to be represented on as many platforms as possible to reach as wide an audience as possible, to maximise their marketing and market visibility.

Bleau concludes by pointing out that tech-savvy thieves will continue to look for the best ways of making money on stolen financial and identity information – at least until law enforcement catches up and starts to regulate malicious activity on social media.

“Keeping track of and reporting on the adoption and utilisation of these platforms by fraudsters is imperative to keep all interested parties—including the public at-risk—aware of this very real problem,” Bleau concludes.

Avi Networks: Using visibility to build trust
Visibility, also referred to as observability, is a core tenet of modern application architectures for basic operation, not just for security.
Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.
Myth-busting assumptions about identity governance - SailPoint
The identity governance space has evolved and matured over the past 10 years, changing with the world around it.
Forrester names Crowdstrike leader in incident response
The report provides an in-depth evaluation of the top 15 IR service providers across 11 criteria.
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.