Recent Posts

Recent Blog Posts

The PhishLabs Blog

How to Take Down Social Media Threats

Posted by The PhishLabs Team on Oct 6, '20

Threat actors increasingly use social media to attack brands, VIPs, and customers. The types of threats on these platforms are diverse and each social network has different policies in place for how they respond to reported attacks. As a result, mitigating threats on social media can be a frustrating and time-consuming process for security teams. In this post, we break down some common social media threat types and the evidence needed to remove them.  
 
Security teams need multiple takedown avenues to move forward with based on the threat at hand. Understanding the criteria each social network requires and building solid relationships is critical to rapid and effective mitigation. 
 
Threat Type: Impersonation
Most social media threats involve some form of impersonation. Bad actors rely heavily on impersonation because it adds credibility to the scam. Incorporating impersonation to any threat type on social media will maximize its effectiveness. 
  
Brand and Executive Impersonation scams can be found across all major social media platforms. Instagram and LinkedIn have the greatest reach to the targeted audience, and are primarily abused. 
 
Fake LinkedIn Profile
 
Reporting an impersonation scam is an intricate process and does not follow a one-size-fits-all solution. Direct contact with the platform is required.
 
Mitigation Criteria:
  • Proof that the profile is not a parody account
  • Proof that the name and photo of person impersonated is present on the post
  • Legitimate profile of the victim is optimal
 
Threat Type: Financial Scams
Financial scams are most commonly seen on the social media giants Twitter, Facebook, and Instagram. These are the most frequently observed threat types in conjunction with impersonation. 
 
Types of financial scams include: Deposit fraud, money-flipping, card cracking, tech support, and fake employment opportunities. 
 
Deposit Fraud
 
Security teams can submit reports directly to Twitter and Facebook regarding malicious financial activity. Individual reporting is also possible through profiles on those platforms and through Instagram.
 
Mitigation Criteria:
  • Direct mentions of client in question with intent to commit financial fraud
  • Posted login details
  • Break in terms of service
 
Threat Type: Cyber 
Cyber threats on social media include phishing-related links or pages, as well as malware. These types of threats are found on all major social networks including YouTube and paste sites. Best practices for takedown involve utilizing the relationship with the platform and individual reporting. 
 
Screen Shot 2020-10-05 at 11.21.09 AM

Phishing

 
Mitigation Criteria:
  • Active links to malicious content that are abusive in nature.
  • Proof of past posted malicious content
 
Processes for mitigation can be tedious as platforms aren’t simply looking at what content is on the post. Any information relating directly or indirectly to the threat type should be submitted as evidence to promote a rapid and effective takedown. 
 
To learn more about social media threats, download Navigating Social Media: A Digital Risk Protection Playbook.
 
Additional Resources:

Topics: Social Media Threats

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Subscribe to Email Updates

Posts by Topic

see all