Articles about website spoofing, cybersecurity trends, and how to protect your customers from hackers.
Recently, a number of brands have approached our threat response team about fake social media accounts impersonating executives at their companies. Scammers impersonating an executive on social media is a form of digital identity theft; it aims to exploit an executive’s reputation to gather victims’ sensitive data including credentials, financial information, or to discredit an executive or brand. Handling these incidents gets especially tricky when a company executive does not have an established social media presence.
In one case, a CISO sought guidance on taking down accounts on Facebook and Instagram impersonating an executive that did not have or want accounts on either platform. This is common. We help a number of brands with executive impersonation where the executive has no intention of creating or nurturing a presence on social media platforms. And, without an authentic pre-existing account to point social media abuse teams to, we find that the social media platforms are slower to act.
Currently, our top-tier takedown team observes that X/Twitter and LinkedIn handle these cases more efficiently (for more, read our blog post about responding to fake LinkedIn profiles that impersonate your brand or employees). While it’s speculation, our team suspects that recent lags in abuse responsiveness from Facebook and Instagram might be due to Meta’s increased focus on its verified account programs, possibly prioritizing takedown of spoofs related to verified accounts.
In the past, prompting Facebook or Instagram to take action on a spoof involved having the impersonation victim (the executive) take a selfie in a mirror while holding a government-issued ID. Now, however, Meta abuse teams are not taking action as swiftly as they once did.
X and LinkedIn taking action more quickly typically results in shorter takedown times compared to Facebook and Instagram. However, these sorts of takedown timeframes ebb and flow over time as each platform updates their account verification policies, which can sometimes change from week-to-week.
Establishing ownership of accounts associated with your brand, executives, etc. on social media is crucial for swift enforcement/takedown. Some executives prefer not to maintain accounts on social media platforms. Creating accounts for such executives, even if they remain inactive, goes a long way in streamlining response to impersonations of that executive. Most of the platforms ask for a link to an authentic profile as part of the impersonation reporting process. You may also decide to go as far as completing the social media platform’s verification process for that account. In general, having a verified account for an executive will accelerate the takedown of spoofs.
Here listed are verification processes for various social media platforms:
Another tip that might work for brands that advertise on social media is to imply the potential withdrawal of their advertising spend. For example, when one prominent brand reported impersonations of an executive that lacked a social media presence, they didn’t see results initially. However, after contacting their advertising sales representative, action was quickly taken to remove the spoof accounts. Indeed, this was a major brand, probably with a substantial advertising budget. Brands with smaller spends might not experience the same outcome, but it may be worth a try. It seems that when some platforms sense that advertising revenue is at stake, they become more responsive.
Our threat response team is seeing increasing volume in executive impersonation on social media. As platforms update their policies and procedures, CISOs and their teams need to stay informed in their approach to safeguarding the online identities of their company’s leaders. Sometimes the best approach is to outsource this function to an online brand protection expert such as Allure Security that stays abreast of the latest changes and knows the ins-and-outs of the quickest route to takedown at any point in time.
Posted by Sam Bakken