Story image

Why cybercriminals are corrupting popular social media platforms

06 May 18

Although cybercrime is commonly perpetuated through the dark web, criminals are reaching out to the world’s most popular social media platforms and accessible to anyone – at least that’s according to a recent blog by RSA.

In 2016, security firm RSA found that criminals were using Facebook, QQ, and Baidu for their activities, but that has now extended to platforms including Instagram, Snapchat, Telegram, and WhatsApp.

This is because social media platforms have the potential for mass communication. Fraudsters are attracted to them as ‘control stations’ for their social lives and business, says RSA’s Heidi Bleau.

Now fraudsters are targeting legitimate platforms to create a new type of fraud market – one that has a global reach.

Bleau also suggests that there are a number of other reasons that criminals are attracted to social media, including anonymity; exclusive invite-only capabilities; and mobile integration.

Unsurprisingly, social media allows for a level of anonymity that criminals can use to create a user profile and email address completely unconnected to their real-life credentials.

“Not only can malicious actors have one anonymous account, but they can – and often do – have dozens or more, ready to be activated,” Bleau says.

Social media can also be tailored to invite-only functionality, which provides a safe haven from those who may report or sabotage criminals’ plans.

Mobile integration allows real-time monitoring access, which means criminals are able to work faster.

Social media platforms themselves may also be evolving in a way that accommodates cybercrime. Bleau explains:

- Extended Feature sets. In the past, there was a clear distinction between instant messaging platforms and social media. However, during the last few years, those same platforms which have been used solely for the purpose of peer-to-peer communication, have evolved into something more and are used in the same way as social media.
 
- Multi-platform models. All fraud groups in social media can be thought of as one uniform sphere, with fraudsters often advertising groups/contacts from one platform in another one, and alternating between two or more platforms even during conversations. Moreover, the content shared in the various social media groups is inherently similar, and mainly serves to increase the fraudster's reputation and customer base.

- Criminals are users, too. While there are differences between the platforms and particular reasons to choose one over another, fraudsters generally behave like typical social media users: most try to be represented on as many platforms as possible to reach as wide an audience as possible, to maximise their marketing and market visibility.

Bleau concludes by pointing out that tech-savvy thieves will continue to look for the best ways of making money on stolen financial and identity information – at least until law enforcement catches up and starts to regulate malicious activity on social media.

“Keeping track of and reporting on the adoption and utilisation of these platforms by fraudsters is imperative to keep all interested parties—including the public at-risk—aware of this very real problem,” Bleau concludes.

Comms providers hit by most DDoS attacks in Q3 2018
New data indicates attackers preyed on the large attack surface of ASN-level communications service providers with a ‘bit-and-piece’ approach.
Check Point launches hyperscale network security solution
With Check Point Maestro, organisations can scale up their existing Check Point security gateways on demand.
Should AI technology determine the necessity for cyber attack responses?
Fujitsu has developed an AI that supposedly automatically determines whether action needs to be taken in response to a cyber attack.
Trend Micro’s telecom security solution certified as VMware-ready
Certification by VMware allows communications service providers who prefer or have already adopted VMware vCloud NFV to add network security services from Trend Micro.
Frost & Sullivan honours Honeywell's IIoT value creation
Frost & Sullivan has awarded Honeywell with the 2018 Global Customer Value Leadership Award for its work protecting industrial internet of things (IIoT) customers.
Top cybersecurity threats of 2019 – Carbon Black
Carbon Black chief cybersecurity officer Tom Kellermann combines his thoughts with those of Carbon Black's threat analysts and security strategists.
Google's €50m fine a wake up call for big data analytics
Data analytics are essential to company growth, competitive differentiation, and innovation. But there’s now a huge challenge.
UK security startup Barac sets sights on America
“Malware hidden in encrypted traffic is one of the biggest threats organisations are facing today,” says new EVP global sales.