Researchers find 450,000 financial scams operating on social media

Financial scams on social media have doubled in the past year, but only a small pool of cyberattackers appears to be behind the surge.
According to ZeroFOX researchers, around 250,000 finance and banking scams were lurking on social media platforms including Twitter and Facebook in 2016. This year's estimate has almost doubled, to a total of 437,165 fraudulent campaigns.
On Thursday, the cybersecurity firm released a new report titled, “External social and digital threats to financial institutions.”
Within the paper, the firm’s researchers say that if every scam claimed one victim on average, this would equate to $180,986,310 in total global losses due to social media-based financial scams.
Not every scam finds a victim, but the sheer number of social media scams designed to target financial data, bank accounts and cash means they still pay.
Based on reported incidents and losses, the average victim loses $414 per scam. The campaigns are the work of a relatively small number of scam artists: 18,175 in total.

Social media offers platforms for businesses to connect with customers, a way to improve engagement, an avenue for positive comments and complaints, and also allows average users to create networks of friends and colleagues.
However, the sheer size of platforms such as Facebook, Twitter, Instagram and LinkedIn also gives fraudsters a wide pool of potential victims.
The report describes three techniques mainly used on social media platforms to hoodwink users and impersonate financial service (FinServ) institutions. Social engineering is a common theme, as is what ZeroFOX calls "spray-and-pray."
In this tactic, attackers cast the net as wide as possible in the social media pool before homing in on their targets.
Victims typically encounter the payload much as in a watering hole attack: lures are planted where victims are most likely to engage with them, such as in malvertising or on a fraudulent domain that mimics a legitimate website.
“Attackers use FinServ hashtags & follower monitoring, the process of engaging with the followers of an organization’s brand account, to segment and deliver convincing advertisements to sympathetic user audiences,” the researchers say. “The most lucrative targets include FinServ customers or prospective customers, whose card-holder or other membership status, available funds, and general interest increases their probability to engage with a malicious offer or fall for a social engineering ploy.”
“Once identified, attackers engage offline or out-of-band, such as via direct message (DM). The attacker nurtures individual leads on a more personal basis until the transaction has finally converted,” the report added.
Ironically, casting a wide net before homing in mirrors today’s sales techniques, made possible through tailored advertising, feeds, and tracking.
Another technique is called “land-and-expand,” in which attackers target specific organizations or users — similar to spear phishing — and then use these victims to find others of similar interest.
In this model, victims are selected beforehand and scammers perform reconnaissance before attempting to lure them into parting with financial data.
This research into targets may include finding public information, membership lists or groups, “liked” content on social media, timeline information, and demographics. According to ZeroFOX, both techniques have been leveraged to execute scams, for spear phishing campaigns, targeted malware distribution, account takeover and data exfiltration.
“[The research] illuminates the broader challenge of detecting threats on social media, which is increasingly exploited by malicious actors to undermine FinServ brand integrity, data security, and bottom lines,” the team says. “Affected organizations need to implement a combination of manual controls and automated, data-driven approaches to identify and remediate external digital and social threats.”
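As an added example of the kind of automated, data-driven triage the researchers call for (this is not code from ZeroFOX or from the report), the Python script below scores social media posts for the indicators described above: handles and domains that impersonate a FinServ brand (including simple homoglyph substitutions such as "rn" for "m" or "1" for "l"), FinServ lure hashtags of the kind used in spray-and-pray targeting, and the "DM me" call to action that moves the victim out-of-band. The brand handle and domain, the hashtag list and the sample posts are all constructed assumptions for the demo.

```python
"""Triage social media posts for FinServ brand impersonation (added example)."""
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Hypothetical brand being protected; both names are assumptions for the demo.
BRAND_HANDLE = "examplebank"
BRAND_DOMAIN = "examplebank.com"

# Hashtags a scammer uses to reach an audience interested in money offers (assumed list).
LURE_HASHTAGS = {"#cashback", "#giveaway", "#loan", "#refund", "#creditcard"}
# "DM me" / "inbox us": the out-of-band step where the lead is nurtured.
DM_PATTERN = re.compile(r"\b(dm|inbox|direct message)\s+(me|us)\b", re.IGNORECASE)
# Character substitutions commonly seen in lookalike handles and domains.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalize(s):
    """Lower-case, undo simple homoglyph tricks and strip separators."""
    s = s.lower()
    for glyph, letter in HOMOGLYPHS:
        s = s.replace(glyph, letter)
    return re.sub(r"[^a-z0-9]", "", s)


def resembles(candidate, brand, threshold=0.8):
    """True if candidate contains or closely matches brand after normalization."""
    c, b = normalize(candidate), normalize(brand)
    return b in c or SequenceMatcher(None, c, b).ratio() >= threshold


def registrable_domain(url):
    """Last two host labels (adequate for .com; not a public-suffix-list lookup)."""
    host = (urlparse(url).hostname or "").lower()
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def score_post(post):
    """Return a list of (category, detail) indicators found in one post."""
    hits = []
    handle = post["handle"]
    if handle.lower() != BRAND_HANDLE and resembles(handle, BRAND_HANDLE):
        hits.append(("impersonation", f"lookalike handle @{handle}"))
    for url in post.get("urls", []):
        domain = registrable_domain(url)
        # Compare only the second-level label so examplebank.net is also caught.
        if domain != BRAND_DOMAIN and resembles(domain.split(".")[0], BRAND_DOMAIN.split(".")[0]):
            hits.append(("impersonation", f"lookalike domain {domain}"))
    tags = {t.lower() for t in re.findall(r"#\w+", post["text"])} & LURE_HASHTAGS
    if tags:
        hits.append(("lure", "FinServ hashtag " + " ".join(sorted(tags))))
    if DM_PATTERN.search(post["text"]):
        hits.append(("lure", "out-of-band DM solicitation"))
    return hits


def triage(posts):
    """Posts that both impersonate the brand and carry a social-engineering lure."""
    flagged = []
    for post in posts:
        hits = score_post(post)
        categories = {category for category, _ in hits}
        if {"impersonation", "lure"} <= categories:
            flagged.append((post["handle"], hits))
    return flagged


# Constructed sample posts, not real data.
SAMPLE_POSTS = [
    {"handle": "examplebank",
     "text": "Branches open late this Friday. #banking",
     "urls": ["https://www.examplebank.com/hours"]},
    {"handle": "examp1ebank_help",
     "text": "Congrats! You qualify for 5% #cashback. DM me your card number to claim.",
     "urls": ["http://examplebank-verify.com/claim"]},
    {"handle": "exarnplebank",
     "text": "Your #refund is pending, verify your account here.",
     "urls": ["https://exarnplebank.com/login"]},
    {"handle": "dealhunter",
     "text": "Low rates this week, inbox us for details #loan",
     "urls": []},
]

if __name__ == "__main__":
    for handle, hits in triage(SAMPLE_POSTS):
        print(f"@{handle}")
        for category, detail in hits:
            print(f"  [{category}] {detail}")
```

The legitimate brand post and the generic loan spam are left alone: the first has no lure and the second does not impersonate the brand. In practice the posts would come from the platforms' APIs, the brand list would cover every official account and domain, and the similarity threshold and hashtag set would be tuned against the false positives seen in the organization's own feed.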