- Is there evidence of them claiming to be wronged by the asset which may have provoked the posted threat?
- Was this post the only mention of this asset, or is there a history within their post activity that contains other mentions of it?
- How familiar are they with this asset?
- Is it within their posting nature to publish threatening content made toward other targets, or is this an outlier among harmless posts?
- Does their post history present evidence of extreme opinions?
- Are they engaging with other users who post similar content in support of the target user’s ideologies?
- They had a profile in the past, where evidence may still be present
- They’re likely no longer using the platform
In conclusion, investigating a social media threat actor’s account and discovering their other profiles can be instrumental when determining the risk of a potential threat. Mapping out accounts operated by the actor can lead to findings and context that substantially change the risk assessment. The evidence collected can also aid in mitigation efforts for high risk threats that are targeting specific individuals, brands, and other assets. In addition to these actions, a strong social media protection solution will also aid in identifying and minimizing risk.