FTSE 100 firms swamped by Facebook and Twitter imposters, study finds

Users conned, firms unaware

Eight out of ten Facebook accounts claiming to be connected to a selection of the UK's best-known FTSE 100 brands are unauthorised and almost certainly bogus, an analysis by security firm Proofpoint has discovered.

The figure for Twitter isn't much better with four out of ten branded accounts being unauthorised. Very few of the firms involved - not to mention their customers and followers - seem to be aware of the scale of the problem.

During January, the firm studied social accounts connected to ten large FTSE 100 firms in finance, media, retail, pharma and manufacturing, uncovering an astonishing 3,800 accounts connected to them across Facebook, Twitter, Google+ and YouTube, an average of more than 300 each.

Accounts could in theory be one of three types: verified legitimate accounts, unverified legitimate accounts (i.e. set up by employees without permission), and unauthorised, exploitative accounts using the brands for nefarious purposes such as generating traffic or pushing malware. A fourth type of account - legitimate hacked accounts - was also possible but presumably very rare.

In practice, the number of bogus or unauthorised accounts seemed to form the majority, with Facebook and Twitter presenting the biggest problems for the ten firms looked at.

The question is how much the firms involved know about the scale of the problem and its effect on the users who find it hard to distinguish real from bogus - the images above (fake) and below (genuine) provide examples. Both look plausible even though one is completely fake.

It can be inferred from the size of the problem that few of the firms studied have any idea that hundreds of bogus Facebook and Twitter accounts have borrowed their brands or they'd attempt to do something about it.

"It's what we call social sprawl. Organisations are trying to figure this out. Most start with manual process and struggle to get a sense of the footprint," suggested Proofpoint's Devin Redmond.

In his view very few firms have any automated way of detecting social account abuse, which is why Proofpoint is keen to push its Social Threat Center, a product acquired last October as part of the Nexgate acquisition. This functions as a sort of console for monitoring accounts across a range of services and incorporates a function to simplify the reporting of non-legitimate accounts.

"Social has happened so quickly outside the traditional realm of fraud monitoring. Most organisations are just becoming aware of how to deal with the problem. They tend not to know a lot about social media," he said.

The problem was being compounded by the culture of large UK firms, which tend to hand social function to non-technical people. At the same time, the more technical people who do understand security tend not to be skilled at understanding social media.

As for the users, telling some of the bogus accounts from the real McCoy is not easy on casual inspection. Bogus accounts can have large numbers of users and likes and look perfectly legitimate.

Previous research by the firm showed that US firms have about the same size of problem but have been quicker to buy automated tools to detect and remediate problems, and face more social governance regulation. This is despite the fact that big UK brands are around 20 percent more active in terms of social media use, Redmond said.

By sector, UK finance was the best policed, media firms easily the worst.

But is monitoring perhaps a luxury? According to Redmond, not so. Constant vigilance was now essential with even harmless-looking social accounts able to spring into malevolence quite unexpectedly should a particular event start to trend.

At the very least, firms unable to monitor social accounts faced brand pollution; at worst, potentially thousands of their customers could quickly be drawn to malicious links and malware.
