Social media has become a strategic and successful means for retailers to engage customers, promote their brands and grow their businesses. However, scammers and cyber criminals have taken to these networks as well, exploiting their low technical barriers, ease of payload delivery and broad access to potential victims. To increase their chances of success, attackers are increasingly incorporating several deceptive strategies to gain their victims’ trust.

Imitation Is the Sincerest Form of Flattery

Creating an account that mimics our favorite retailers, one of their executives or employees, celebrity endorsers or best friend who shops there often, can be as simple as copying information from a legitimate account or Internet search and pasting it into a fake profile. While this might seem harmless at first glance, displaying legitimate company names and logos allows the attacker to piggyback off their perceived trustworthiness to add credibility, and thereby manipulate victims into engaging with some sort of offer, discount, contest or quick return on money. Attackers can tailor attacks on retailers to whatever is trending online and in the media, be it a holiday or new product.

Impersonation accounts are typically used to send malicious URLs, which are customizable and can be designed to harvest personal data or credit card information from victims, infect devices with malware, execute a scam or simply redirect them to counterfeit merchandise. Attackers buy URL domain names with the sole goal of looking similar to the targets they are impersonating. This may involve swapping in characters or adding “support,” “help,” or other plausible concatenations to the end of the URL (e.g. “”) or account username (e.g. @bankABChe1p). This tactic tricks users into believing they are engaging with the real brand, especially if they only check at a glance or if the URL is shortened.

To deliver malicious URLs, attackers also commonly employ language that creates a sense of urgency by encouraging would-be victims into making impulsive choices. Adversaries selectively prey on victims by evoking emotional responses with pre-researched personal details, catering their messages to hobbies and interests for increased probability of success.

Reputational Repercussions

Impersonations, domain spoofing and manipulative language each try to add deception to attacks. For retail companies, these types of incidents can cause a direct loss to ROI, as victims are often compensated due to legal entitlement, contractual antifraud policies or as a positive brand-to-consumer gesture to retain customer satisfaction, prevent competitor attrition or avoid a public relations crisis.

There’s also an indirect, reputational cost associated with having branded content hijacked for nefarious purposes. When a brand is consistently misused and associated with unsavory content, there is a gradual tarnishing in its perceived trustworthiness that can take time and money to repair.

Retailers make for particularly lucrative targets because they have already heavily invested in cultivating a robust and loyal community online. However, this community is easily infiltrated, either as an impersonation of the brand itself, one of its customer representatives or any third-party offering counterfeit products, fake coupons or fraudulent promotions. With a particularly convincing impersonation account, attackers can even hijack real conversations occurring between customers and the brand, inserting themselves and redirecting the target to a malicious site before either party has even realized what is going on.

Retailers have some of the biggest followings of any industry on social media. Consumers are conditioned to look for promotions online and vent their frustrations when something is amiss. All of this value and engagement is exactly the medium an attacker seeks to exploit.

Brands & Consumers: Stay Vigilant

Social networks have taken numerous steps in combating the impersonation issue by verifying accounts with the coveted blue check mark, indicating to a user that the profile they’re interacting with is legitimate. This is similar to web sites that use digital certificates and browsers that highlight the URL in green.

However, detection can still remain difficult as impersonations can dynamically be created, banned, re-created, re-banned, rinsed and repeated. Accounts often remain dormant, waiting months or years before conducting a malicious campaign. Scammers might create accounts or activate old ones, broadcast attacks, steal credentials and money, then abscond, all in a matter of minutes or hours. A few weeks later, they can do it all over again with a fresh set of accounts.

In order to protect their digital presences, retailers should take the following steps and precautions:

  • Work with their cybersecurity team to secure corporate accounts via two-factor authentication and other security access controls
  • Establish a task force of information security, customer success and marketing to build policies around social media exploitation, swim lanes and workflows
  • Establish plans for public-relations crises, scam campaigns, disgruntled consumers and any other risks your business may face on social media
  • Invest in a social media protection tool to automate the identification and remediation of social media threats
  • Work with social networks to remove malicious content and profiles that violate the network terms of service

Phil Tully is principal data scientist of ZeroFOX.

More from WWD:

Gender Bias Permeates VC Funding, Still

Where Personalization Matters Most

Debunking Retail’s Silver Bullets

load comments
blog comments powered by Disqus