Fake Social Media Pages Increased 1100% in Two Year Period

Fake social media pages are abundant. The social media security company ZeroFox analyzed over 40,000 fake social media sites and found that the number of these increased 11 times between 2014 and 2016. And more than 50% of them impersonated brands and offered up phony coupons or bogus giveaways to take advantage of users.

There were many ways they accomplished this according to ZeroFox, but the top three were verification phishing, paid advertising impersonations, and fake customer support.

Websites can get verified in social media. These sites usually display some type of icon or “badge” to indicate this. Users are
supposedly given more confidence when one of these “verification badges” is displayed. Unfortunately, scammers also use these to trick people into giving up personal information such as login credentials or to get malware onto devices.

Advertisements are the way most social media sites can provide their services free of charge to the end-users. Scammers will create fake ads and pay a lot to have them displayed more frequently in newsfeeds. This means more opportunity to engage in their scams.

Customer support is often offered on legitimate company social media sites. This is a convenient way for customers to interact with businesses. Yes, the scammers set up fake sites for this purpose to and often acquire a significant amount of personal information through them.

Unfortunately, it is often very difficult to detect these fake pages. The scammers are patient and take the time to make their impersonations look nearly identical to the real companies. And there isn’t much that can be done about it either. That’s because they often will execute a scam and delete their pages so quickly that no one knows what happened. So, the social media companies are working on additional security to prevent this.

The primary way to protect oneself is to enable multifactor authentication (MFA) or two-factor authentication (2FA) whenever it’s offered. Sometimes it means receiving a one-time code on a smartphone via text or phone call. Sometimes, it involves challenge questions. A more sophisticated way gaining ground is to use a U2F security key. These little devices are easy to set up and use and make an account nearly impossible to crack or phish. More sites are offering this as an MFA solution and Facebook announced it is now supporting it, while Google has been for some time. While it will not clue anyone in to whether or not a page is an imposter, it will prevent logins to your accounts should you get caught up in one of the scams.

It's also wise to avoid clicking on so-called "clickbait." These are advertisements or posts that seem a bit extreme or outrageous in an attempt to get clicks. Some of them merely go to shopping sites, but others install malware.

In addition, if you have favorite social media pages, follow or bookmark them and use those to see their feeds and pages. This will prevent you from falling for the imposter pages.

The sites analyzed by ZeroFox included Facebook, YouTube, Google+, Twitter, Instagram, and LinkedIn. Of these, the first three offer the U2F key solution and all except Instagram offer some type of MFA. And while it does take an initial small financial investment to use the key, it will provide an additional clue if a site is phishing. If you login and it doesn’t ask to insert the key, it very well could be phishing. According to Proofpoint, phishing on social media increased 500% in 2016.

© Copyright 2017 Stickley on Security