Story image

Why cybercriminals are corrupting popular social media platforms

06 May 18

Although cybercrime is commonly perpetuated through the dark web, criminals are reaching out to the world’s most popular social media platforms and accessible to anyone – at least that’s according to a recent blog by RSA.

In 2016, security firm RSA found that criminals were using Facebook, QQ, and Baidu for their activities, but that has now extended to platforms including Instagram, Snapchat, Telegram, and WhatsApp.

This is because social media platforms have the potential for mass communication. Fraudsters are attracted to them as ‘control stations’ for their social lives and business, says RSA’s Heidi Bleau.

Now fraudsters are targeting legitimate platforms to create a new type of fraud market – one that has a global reach.

Bleau also suggests that there are a number of other reasons that criminals are attracted to social media, including anonymity; exclusive invite-only capabilities; and mobile integration.

Unsurprisingly, social media allows for a level of anonymity that criminals can use to create a user profile and email address completely unconnected to their real-life credentials.

“Not only can malicious actors have one anonymous account, but they can – and often do – have dozens or more, ready to be activated,” Bleau says.

Social media can also be tailored to invite-only functionality, which provides a safe haven from those who may report or sabotage criminals’ plans.

Mobile integration allows real-time monitoring access, which means criminals are able to work faster.

Social media platforms themselves may also be evolving in a way that accommodates cybercrime. Bleau explains:

- Extended Feature sets. In the past, there was a clear distinction between instant messaging platforms and social media. However, during the last few years, those same platforms which have been used solely for the purpose of peer-to-peer communication, have evolved into something more and are used in the same way as social media.
 
- Multi-platform models. All fraud groups in social media can be thought of as one uniform sphere, with fraudsters often advertising groups/contacts from one platform in another one, and alternating between two or more platforms even during conversations. Moreover, the content shared in the various social media groups is inherently similar, and mainly serves to increase the fraudster's reputation and customer base.

- Criminals are users, too. While there are differences between the platforms and particular reasons to choose one over another, fraudsters generally behave like typical social media users: most try to be represented on as many platforms as possible to reach as wide an audience as possible, to maximise their marketing and market visibility.

Bleau concludes by pointing out that tech-savvy thieves will continue to look for the best ways of making money on stolen financial and identity information – at least until law enforcement catches up and starts to regulate malicious activity on social media.

“Keeping track of and reporting on the adoption and utilisation of these platforms by fraudsters is imperative to keep all interested parties—including the public at-risk—aware of this very real problem,” Bleau concludes.

NZ Internet Task Force joins iSANZ Hall of Fame
NZITF chair Barry Brailey and former chairs Mike Seddon and Paul McKitrick received the award in Auckland last week.
Quantum computing: The double-edged sword for cybersecurity
Quantum computing is quickly moving from science fiction to reality.
Three ways to achieve data security whilst enabling BYOD
"A mobility strategy is now more important than ever before, that said, selecting the right one is often no small task."
How IoT and hybrid cloud will change in 2019
"Traditional VPN software solutions are obsolete for the new IT reality of hybrid and multi-cloud."
WatchGuard’s eight (terrifying) 2019 security predictions
The next evolution of ransomware, escalating nation-state attacks, biometric hacking, Wi-Fi protocol security, and Die Hard fiction becomes reality.
GCSB's CORTEX project scoops iSANZ Award
“I believe this award is particularly significant as it is acknowledgement from our peers in the information security industry and from across the private sector."
NZ firms lack cybersecurity confidence, HP survey says
Out of 434 of New Zealand’s small and large businesses, only half (50%) feel confident that they would be able to cope if they experienced a significant cybersecurity breach.
SonicWall secures hybrid clouds by simplifying firewall deployment
Once new products are brought online in remote locations, administrators can manage local and distributed networks.