Social media has had a huge impact on how we live and interact, allowing us to easily share experiences, communicate and to keep up with news. Reports suggest that on average, we spend nearly two hours a day on social media – a figure which is only set to rise, especially given that some teens are already spending a staggering nine hours a day on social platforms.
But while social media is a source of entertainment and news, it can also pose risks. As International Fraud Awareness Week came to a close on November 18, it’s important to be aware that the threat of cyberattacks and infiltration through social media is looming large.
Consider, for example, that Russian hackers reportedly broke into the computer of a Pentagon official – through his Twitter account. A link in a Twitter post offering the bait of an attractive-looking holiday offer was the means used to gain access.
Awareness of scams such as phishing emails may have grown, but the signs are that many users are not translating the same kind of precautionary etiquettes that they use in an email environment to their social media usage. More education is needed, not only around being careful with links or content that is shared by others but also around the information that users reveal when posting, such as their location or other personal information including dates of birth, addresses or even phone numbers.
Fraudsters can collect and exploit this information for identity theft – potentially making purchases or carrying out transactions that the real user knows nothing about. Identity fraud has risen significantly with social media as the ‘hunting ground’, according to fraud prevention service Cifas. People tend to be more trusting on social media, perhaps because they feel that they are ‘amongst friends’ and in a sharing environment but they need to be aware of the risks and adapt their behaviour accordingly.
Here are four common ways that the cyber threat is being played out on social media platforms:
Spear phishing – sending malicious links or files through a social media post.
Authentication credentials – stealing the customer’s authentication details at login, often through having installed a keylogger on their device (perhaps through a spear phishing attack as above).
False flag attacks – again, this revolves around stealing a user’s login details usually by sending a fake request for a password reset or other authentication activity.
Subscription renewals – capturing credit card details by sending fake messages to subscribers telling them to renew. As ActionFraud warned, this has been happening with WhatsApp – even though the service stopped charging its subscription fee in 2016.
The question arises whether companies, particularly financial institutions, have a role to play in helping customers protect their privacy and identity online?
Banks already offer education to customers around remaining safe online through videos, TV adverts and online guides. However, could they go further? The financial cost of Identity fraud for banks is huge – in the US alone, reports estimate it cost consumers $16bn last year – and Experian estimates that a case of ID theft can take 300 hours to set things straight again.
For insurance companies who have traditionally struggled to differentiate their offerings, could educating, and helping to detect and resolve incidents of ID theft through social media and online activities provide extra protection and peace of mind for their customers? This would help to build a deeper connection and create a competitive advantage.
There are tools that can help organisations raise awareness amongst their customers of the risks of social media and more broadly online. For example, Affinion works with financial institutions to provide customers with ID theft detection services that can scan the public and dark web and warn them in advance of possible threats.
However, should the worst happen and a person fall victim to an attack, they can also help provide support in resolving issue too, in the form of an ID theft helpline, legal assistance and a resolution service. Not only does this help customers in a time of need, but it also aids the customer engagement journey – positioning the provider as an organisation that’s supportive when it matters.
The payback for banks and insurance companies in offering add-on benefits of this kind. Affinion’s Connected Customer research found that customers whose bank provides everyday assistance or protection related products in addition to core services are more likely to have a higher engagement score – with customers staying longer and spending more.
Protecting the profile
However, it’s not just the likes of spear phishing and false flag attacks – there are other ways that social media can open customers up to threats, as well as additional services that providers can offer to help.
Affinion’s Social Media Scanning service*, for example, can be offered to customers to help educate and alert them of risks associated with their social profiles, before they escalate. It connects to social media accounts and applies a number of algorithms to understand what’s being mentioned in relation to a customer’s social profile and produces reports highlighting the key points around:
Risk – alerting the customer if one of their connections has revealed any personal information related to them that could be a privacy threat.
Relationships – analysing the people the customer is connected to and assessing whether there are any reputational risks from being associated with them.
Reputation – showing the customer what impression their social profile is likely to give to outside parties and what effect this could have across such areas as employability or personal finances.
Of course, this only goes some of the way to preventing issues and there are a number of other steps that customers can take to protect themselves.
Ultimately, the threat of attacks through social media is growing. People need to take steps to protect themselves and this starts with education of the risks. It is also important that they have access to services to help discover if they are at risk, and assistance should they be a victim.
The opportunity lies for companies the customer trusts – like financial institutions – to help them take pre-emptive action before cyber criminals strike.
*Only available in English and Spanish at the moment.