Social Media Security & Compliance Blog

Media Companies at Risk as Clinton/Trump Election Nears


By: Devin Redmond, Vice president and general manager of Proofpoint Social Media Protection (formerly Nexgate)

As we near Election Day, media companies are at risk as a well-timed hack could distribute misinformation, impact election coverage, or even spark violence in the politically charged atmosphere of this election cycle. Media companies face three primary challenges on social during this election: account hacks, an influx of malicious content, and DDoS-style social mob attacks.

Proofpoint research finds that the number of security incidents seen on social media can increase as much as 60% during major global events. For example, during one recent global event, one major media outlet used our security solution to automatically handle more than 100,000 security or acceptable use incidents across its social media properties.

Real world consequences

Social media hacks can have significant real-world consequences. In 2013, hackers took over the official Associated Press Twitter account and posted a tweet claiming Barack Obama had been injured in an attack on the White House. The stock market dropped more than 100 points in about two minutes following the tweet.

Triple Threat: Account Hacks, Malicious Content and Social Mobs

Misinformation on polling results from a media company's hacked social media account could break trust with followers or even skew voter turnout in West Coast states. Unfortunately, bad actors have previously attacked and vandalized the web presence of multiple media sources, including Newsweek and Buzzfeed. The proliferation of regional and individual journalist accounts provides a broad attack surface, while many organizations are still in the process of implementing social media security.

Beyond account hacks, the huge influx of content surrounding an event like the U.S. elections can be overwhelming. From malware to hate speech, malicious content is rampant. Bad actors will most likely target both the employees and the social media followers of major news networks.

Hackers also know that social media managers are likely to click on malware links posted to company pages as part of their moderation and engagement efforts. Newsworthy events draw more followers to news agency pages, so bad actors will look to post malicious links in comments, hoping to reach a broader audience.

In addition, distributed denial of service (DDoS) attacks are a major concern for news websites during the election. There is a similar phenomenon on social media, called “social mob attacks.” During these attacks, supporters of a specific cause or organization flood a social page with spam posts, sometimes as many as three thousand posts in a single day. This effectively drowns out the legitimate posts made by the page administrators.

Media organizations need security tools with real-time monitoring and automated protection to deal with unauthorized tampering or changes in the behavior of a social account. In addition, they need a scalable way to automatically and immediately identify and delete malicious content targeting journalists or readers—and thwart social mobs. For consumers watching tomorrow’s election results, we highly recommend checking multiple sources as news breaks and avoiding clicking on links in posts from unverified sources.


Combat Angler Phishing

Social angler phishing is a dangerous new variant of social media phishing and it’s on the rise.

Fraudsters create fake customer support accounts on social media, then trick your customers into giving away their credentials, personal information and financial data.

Learn how Proofpoint can help your brand combat angler phishing and safeguard your support interactions on social media.


Three Ways Your Brand Can Win Gold


By: Ray Kruck, VP of Marketing at Proofpoint Social Media Protection (formerly Nexgate)

I remember huddling in our basement in Toronto during the 1988 Summer Olympics cheering on the fledgling Canadian track and field team to a “longshot” victory. Several university friends were on the team, and my connection to the team seemed very intimate and personal. Here, people I knew were competing on a global stage, and the power of TV enabled me to close my eyes and visualize being in Seoul, South Korea.

Today, social media allows all of us to have our own intimate experience with global events like the Games. Next week more than 200 countries will compete as the Olympic Games kick off in Rio de Janeiro on August 6—and thousands of brands will launch programs to engage social media fans. With Olympic viewership hitting upwards of 3.5 billion people, the advent of social media has significantly expanded audience engagement. However, such a large audience also attracts attackers, and brands need to be prepared.

The Sochi 2014 Winter Games experienced social engagement on a grand scale, with more than 2 billion impressions across major social media platforms. But Sochi’s successful social media audience also made it a prime target for cybercriminals to amass their spam and malware attacks. Scammers set up fake social media accounts during the games to masquerade as corporate brands and defraud unsuspecting fans. Some top brands faced more than 62,000 potential security threats on social during Sochi.

Given the growth trends, brands will have an even greater risk of exposure during the Rio 2016 Summer Games. Social media audiences are bigger—up 21% since 2014—and offer greater financial opportunity for hackers. More concerning, we’ve already seen a 150% increase in social phishing from Q1 2015 to Q1 2016. This poses a real threat for companies that are planning Olympics-related social engagement.

Fortunately, it’s possible to mitigate risk using a few simple guidelines. Here are three things you can do to protect your brand:

1. Automate Your Content Moderation
Do you already have a large volume of social content to moderate? Well, it’s going to go through the roof this summer. Based on the increase in content we saw during the Sochi Games, we estimate top corporate brands will need to moderate 3,800 pieces of content per day during the Rio Olympics.

You might see blatant spam messages on your Olympics social program feeds, like these:

[Image: Sochi Social Media]

And you might need a keen eye to catch phishing lures added as comments on social media pages that are intended to reach your large audiences. This phishing link may have reached up to 1.4 million people.

[Image: Olympics blog image 2]

Implementing a tool to provide automated content moderation is the ideal approach to relieve your social media team from burdensome, manual review of every post. Proofpoint SocialPatrol provides real-time content filtering that automatically removes malware, profanity, hate speech, and other dangerous content from your social media accounts. This approach delivers scalable content moderation that makes social media safer and more engaging for your brand and community.

2. Prevent Brand Fraud
Brand fraud runs amok on social media. Fake accounts are one of the most common enterprise social media security challenges. These include everything from unwanted protest accounts—like “Capital-One-Sucks”—to highly convincing fraudulent accounts that spread misinformation and bait your customers to click on phishing and malware links. Fraudsters prey on customers looking for information or trying to participate in Olympics-related promotions and sweepstakes. Up to 19% of top brand accounts are fraudulent, and we expect the Rio Olympics will make this even worse.

For example, these two accounts might look legitimate, but that’s not the case. They’re fraudulent accounts claiming to sell tickets—but no tickets are available. If this happened to your brand, your social audience might be sent to a malware or phishing site.

[Images: Olympics blog image 4, Olympics blog image 5]

Gaining visibility into your social footprint will help you get a handle on this risk. It’s nearly impossible for security and marketing teams to manually scour the social universe for every fraudulent account. Adopting a solution like Proofpoint SocialDiscover automates the process. SocialDiscover automatically scans social media networks to discover and report on all brand accounts—including fake accounts that are misrepresenting your brand.

3. Protect Against Account Hacks
Hackers hijack your social media presence to embarrass your brand, distribute malware, and gain access to your users’ credentials. Cybercriminals are especially drawn to the newsworthy nature of the Olympic Games. We expect a 200% increase in scams and security incidents during the Rio Olympics.

Real-time monitoring and remediation of social media account tampering, hacks, and abuse is your best solution to get on top of this security risk. Proofpoint SocialPatrol provides that protection—our solution detected more than 800 account anomalies and policy violations for a top brand during Sochi. ProfileLock continuously monitors your account for changes in publishing patterns, modifications to account information, and other behaviors that might indicate a hack. When a possible hack is detected, the solution automatically sends a notification so you can lock down your account with the push of a button.

One thing is clear: social media engagement provides brands with the opportunity to make intimate and authentic connections with customers and communities. Getting a handle on the associated risks—before you launch an Olympics or other newsworthy social program—means putting security at the center of your social governance processes.

Want to learn about what brand risks to look out for when running social media campaigns around the Olympics?

Sign up to receive a free personalized risk report for your brand and we’ll jump-start your complimentary evaluation of Proofpoint Social Media Protection.

Click here to see our recent CBS This Morning interview, which includes more information on the social media risks associated with the 2016 Summer Olympics. Click here for more information on how to secure your social channels.


Go For Gold: Secure Your Corporate Social Engagement for the Rio Games

The Rio 2016 Summer Olympic Games are right around the corner. From the lighting of the torch to the closing ceremonies, excited fans will be engaging on social media from August 5 to August 21. The Games also provide enterprises with a newsworthy opportunity to kick off social media marketing programs. However, with its huge social media draw, the Olympics attract hackers and scammers who use it as an opportunity to take advantage of brands and their unsuspecting fans.

Based on Proofpoint research of the Sochi Games, organizations looking to engage on social media related to the 2016 Rio Games will experience one security incident for every 10 pieces of content (posts, comments, etc.) during the games. Is your company prepared for the security challenges that come with engaging on social media? Before you launch into your “Project Social Games” engagement planning, follow these eight social media best practices:

1. Close the Knowledge Gap
Most social media activity takes place outside the corporate network—and IT usually has little visibility into the risks. Marketing and IT need to collaborate to ensure the company remains social and secure. Start by documenting your list of branded social media accounts and the types of engagement you facilitate. Develop measurable metrics to hold stakeholders accountable for their readiness and effectiveness in dealing with social risks.

2. Develop a Response Plan
Work with your risk management or security teams to proactively develop a crisis response plan. In addition to spam and malware, it should include details on what to do if you experience a social media account takeover or crowdsourced protest attack against your accounts. The plan should incorporate staff escalation procedures and pre-determined criteria under which you would shut down an account. Check out this sample plan to help you get started.

3. Refresh Your Corporate Policy
Chances are it’s probably time to dust off your corporate policy and give it an update. Most companies still need to incorporate guidelines for newer social networks, such as Periscope and Instagram. Likewise, determine if your account profile needs an update to include disclaimer links or disclosure statements. For some ideas, take a look at Intel’s robust user policy published here.

4. Limit Social Media Sprawl
Account sprawl can run rampant and lead to fake and unmanaged accounts that damage your brand reputation and customer experience. You can only protect what you know. Use an automated solution to efficiently find, categorize, and track your company’s accounts across all social networks. Follow up with social networks to take down fraudulent accounts.

5. Adopt Two-Factor Authentication
Boost your security settings on your Twitter account. Turn on two-factor authentication that requires phone verification each time you log in. You should also update your settings to require a password each time you log in from a mobile device. Eliminating automatic authentication provides stronger protection against account hijacking.

6. Use Strong Passwords
Make sure you’re implementing a good password policy for your social accounts. Construct strong passwords that are unique for each of your social media accounts. Avoid writing them down and don’t share your passwords with others. Security guidelines recommend frequent password changes; an update at least every 60 days is a good practice to follow.

7. Limit Connected Apps
Apps connected to your social media accounts, such as Tweetdeck and Feedient, can also act as back doors for hackers to gain access and take over your social presence. Disconnect apps you are not using and be careful about linking new apps to your accounts.

8. Enable Encryption
Make sure your encryption settings are turned on when you’re using social media. Encryption is usually enabled by default, but it’s good to check your account privacy settings to ensure it hasn’t been deactivated.

Follow these social media security best practices, and your 2016 Summer Olympics social engagement will be a big win for everyone.

If you want to learn more about the social media risks facing your brand, sign up to receive your complimentary brand risk assessment and we’ll send you a personalized risk report.

For more information on 2016 Summer Olympics social media risks, click here to see our recent CBS This Morning interview and click here for more information on how to secure your social channels.


Instagram Attack Spotlights Blended Social Media and Email Trend

Instagram continues to increase in popularity, and unfortunately cyber criminals have caught on. A recent Instagram attack has highlighted an important phenomenon—the blending of social media and email attacks. The attack, which netted cyber criminals tens of thousands of euros, shows that email and social media channels often share a criminal connection. Sharing threat intelligence between these two channels will be vital to combatting future cyber attacks.

What happened

It appears that two Dutch hackers sent email phishing lures to individuals with large Instagram followings (e.g. rappers and celebrities) to steal their Instagram account credentials. The fake emails appeared to originate from Instagram itself and asked potential victims to log in to a bogus Instagram destination. This initial phish worked to the tune of more than 100 Instagram accounts. The hackers then used those stolen credentials to take over accounts and approach brands with offers to promote their products on Instagram for a fee (by wearing their clothing, etc.). The attackers managed to siphon tens of thousands of euros from brands that fell for the con.

Why is it important?

At Proofpoint, we see threat actors using spoofed or hacked email accounts to impersonate high profile individuals all the time. We see similar impersonation tactics used in the social media world with fraudulent and hacked social accounts. The recent Instagram incident in Europe is interesting because it incorporates a creative combination of both email and social impersonation. The attackers first impersonated Instagram via email to steal account credentials. With account credentials in hand, they assumed the account owner’s identity to con their target brands. Just as consumers around the world blend email and social media in their everyday lives, attackers are learning to do the same. Social media attacks are mirroring email attack techniques that have been successful for years. This Instagram attack also highlights the increasing value of stolen social account credentials. The black market makes it possible to buy stolen social account credentials at prices comparable to or greater than credit card data. Rather than buy mainstream credentials, the Dutch hackers devised their own phishing scheme targeting high profile and therefore high value accounts.

So why are attackers targeting social accounts?

Hacking into a popular brand or famous individual’s social media account delivers trusted access to hundreds of thousands, or in many cases, millions of consumers. This puts bad guys in position to assume the identity of the brand to carry out a wide range of scams or distribute malware across massive audiences. By comparison, gaining control of an individual email account delivers trusted access to that individual’s personal contacts. It is critical for security teams and individuals to understand that familiar email attack schemes have moved into social media. Most people are cautious of offers, links and attachments in email. That same caution needs to apply to social media. The lines between social, email, mobile and other communications channels are blurring—and cyber criminals are using the same techniques across them. At Proofpoint, we share threat intelligence between social media, email and mobile to inform our security measures. The more information we share, the better protected our customers become.
