Story image

Why cybercriminals are corrupting popular social media platforms

06 May 2018

Although cybercrime is commonly perpetuated through the dark web, criminals are reaching out to the world’s most popular social media platforms and accessible to anyone – at least that’s according to a recent blog by RSA.

In 2016, security firm RSA found that criminals were using Facebook, QQ, and Baidu for their activities, but that has now extended to platforms including Instagram, Snapchat, Telegram, and WhatsApp.

This is because social media platforms have the potential for mass communication. Fraudsters are attracted to them as ‘control stations’ for their social lives and business, says RSA’s Heidi Bleau.

Now fraudsters are targeting legitimate platforms to create a new type of fraud market – one that has a global reach.

Bleau also suggests that there are a number of other reasons that criminals are attracted to social media, including anonymity; exclusive invite-only capabilities; and mobile integration.

Unsurprisingly, social media allows for a level of anonymity that criminals can use to create a user profile and email address completely unconnected to their real-life credentials.

“Not only can malicious actors have one anonymous account, but they can – and often do – have dozens or more, ready to be activated,” Bleau says.

Social media can also be tailored to invite-only functionality, which provides a safe haven from those who may report or sabotage criminals’ plans.

Mobile integration allows real-time monitoring access, which means criminals are able to work faster.

Social media platforms themselves may also be evolving in a way that accommodates cybercrime. Bleau explains:

- Extended Feature sets. In the past, there was a clear distinction between instant messaging platforms and social media. However, during the last few years, those same platforms which have been used solely for the purpose of peer-to-peer communication, have evolved into something more and are used in the same way as social media.
 
- Multi-platform models. All fraud groups in social media can be thought of as one uniform sphere, with fraudsters often advertising groups/contacts from one platform in another one, and alternating between two or more platforms even during conversations. Moreover, the content shared in the various social media groups is inherently similar, and mainly serves to increase the fraudster's reputation and customer base.

- Criminals are users, too. While there are differences between the platforms and particular reasons to choose one over another, fraudsters generally behave like typical social media users: most try to be represented on as many platforms as possible to reach as wide an audience as possible, to maximise their marketing and market visibility.

Bleau concludes by pointing out that tech-savvy thieves will continue to look for the best ways of making money on stolen financial and identity information – at least until law enforcement catches up and starts to regulate malicious activity on social media.

“Keeping track of and reporting on the adoption and utilisation of these platforms by fraudsters is imperative to keep all interested parties—including the public at-risk—aware of this very real problem,” Bleau concludes.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.