Today’s online world is all about engaging and staying connected with others via social media. For businesses, establishing a presence on various social media platforms is an enticing way to connect with current customers as well as foster new business.
Yet the immense popularity of social media sites can also draw unwanted attention to their users. Just as businesses are drawn to popular social media sites to market their brands and products, so, too, are potential cybercriminals interested in targeting those who engage with these sites. On many of these platforms, user engagement is public. In other words, when a user chooses to “follow” a company or leave a comment, not only does the business take notice of the user, but everyone else on the platform can, as well, including those who are not themselves following the business. This provides a would-be cybercriminal with a target-rich group upon whom to practice new (and old) scams.
For example, users who choose to follow a bank or financial institution may find themselves receiving new followers and direct private messages from strangers who may in fact be cybercriminals looking to obtain sensitive banking information. Followers of retail institutions on social media may be targeted by those trying to misrepresent themselves as affiliates of a well-known brand in order to sell counterfeit goods, whether through direct messages or through sponsored postings that end up on a user’s newsfeed.
For a business owner, combatting scams that potentially originate from the social media page of one’s own company can seem like a daunting proposition. After all, how does one assess the appropriate level of resources to allocate for monitoring one’s social media pages? Is it even worth it to do anything at all, considering that cybercriminals can create new accounts with ease and modify their scams to get around specific safety measures?
Forewarned Is Forearmed
Instead of trying to anticipate or react to current cybersecurity threats on social media, businesses, especially financial and retail institutions, should focus on arming their social media fans with as much awareness and vigilance as possible when it comes to scams online. Fighting ever-evolving cybercrimes becomes a much more feasible endeavor when a site’s users are themselves savvy social media users. After all, a number of cybercrimes today are ultimately perpetrated through private communications between a scammer and another user, away from the business page where the initial contact originated. Consequently, businesses whose social media followers are more likely to be targeted by scammers should consider integrating informative posts into their social media communications on a regular basis. That could be something as simple as the occasional tweet on how to spot a potential scam, an Instagram photo with a safety message on communicating with other users, or a Facebook post with information on how to report a potential scam. The goal is to convert your company’s fans into vigilant social media users who won’t be as easily taken advantage of by cybercriminals, no matter what form or approach they take.
Examples of awareness posts: safety post from the NJ Department of Homeland Security Instagram page (left); safety post from the Dept. of Homeland Security Instagram page (right)
Here are some basic tips that businesses can share with their users to get started:
- Check to see that the account you are following is a verified business. Many, but not all, official brands should have a blue checkmark next to the brand name on their Facebook, Instagram or Twitter profile page (not in the cover image or profile picture). For those that are not verified, take an extra moment to see if the account is official (such as going to the business’s website and checking to see that it links to this social media page directly) and not a copycat of the business you are looking for.
- Do not click on links in direct messages unless you can verify the sender is in fact a verified brand page. Such links can lead to downloading harmful apps that can affect your personal device or compromise your personal information. If you do get a pop-up to download an application that you weren’t expecting, close out of it and do not revisit the link.
- Avoid giving private financial or other account information over direct message. If possible, always ask for a phone number and e-mail address that you can verify online. (Look up the contact information online to see if it belongs to the business you intended to speak with.) Make sure you know who you are speaking with before sharing sensitive information. Even if the message requesting private financial or personal information is from someone you recognize, it may be advisable to reach out to that person separately via phone, text or email to make sure they did send you the message and that it is not instead a hacker posing as your acquaintance.
- Report accounts that you believe are attempting to scam users.
(Note that most of these have been best practices since the dawn of the internet—but a new potential victim is born every minute, and even savvy users can have a moment of weakness or inattention.)
Outside of generating safety awareness, businesses can also take their security program one step further by creating a separate channel for users to report suspected scamming activity, such as a separate e-mail address or online form. Not only could this help a business stay current in its efforts to curb cybersecurity threats, but it could also help the community. For example, businesses can submit to ThreatExchange, a Facebook program designed to receive and share information about cybersecurity threats, which is currently made up of other social media and internet companies as well as several banks.
Combatting cybercrimes on social media is not a hopeless endeavor, but it is best achieved through cooperative measures by both companies and consumers. At the very least, businesses should both be aware that their social media pages can potentially draw the attention of cybercriminals and move to counteract the risks by educating social media users on how to avoid getting scammed. Along with the active encouragement to report potential cybersecurity threats, these steps can help create an informed user group.
From there, it’s up to the users to engage.