Hashtag phishing is on the rise – five ways to protect your brand

Social media phishing is becoming a credible threat and brands need to be equipped to combat attacks, says Tim Bentley. Businesses can defend themselves against image hijacking quite easily, here’s how.

Hashtags are a great way to promote your brand on social media – they create buzz, help fans follow your company’s activity and encourage engagement. But brand hashtags can also put your organisation at risk, no company can own or control the hashtags it promotes and bad actors take advantage of that.

Once your social media team invests in making a hashtag popular, cyber-criminals can hijack it to target your fans and followers with malware and phishing links. These types of attacks are on the rise. According to Proofpoint research, social media phishing links grew 70% and fake customer support accounts used for phishing jumped 30% from Q3 to Q4 in 2017.

Here are five ways to reduce the risk of hashtag hijacking:

1. Delegation mitigates social media risk

Align stakeholders across marketing, IT security and legal departments to help identify and manage social media risk. Conduct mock attacks to ensure your policies, procedures and tools effectively prevent hashtag hijacking and branded term attacks.

2. Remove unwanted posts

Conduct a security audit of your company’s social media accounts and work with marketing to remove any malicious content. Leverage security technology that can highlight malicious posts — such as malware, phishing, profanity, hate speech and pornography — using your hashtags and automate their removal.

3. Automate social media monitoring

After auditing and removing malicious content from your social media accounts, your organisation must monitor those accounts to prevent future attacks. Cyber-intelligence and threat monitoring should be a core pillar of your organisation’s digital and social media strategy. Again, leveraging a security technology to consistently scan your brand hashtags and terms for malicious content is the best way to proactively keep your customers and employees safe on social.

4. Shut down fraudulent accounts

In carefully crafted attacks on your fans and followers, cyber-criminals not only create posts hijacking your hashtags but also may submit those posts from a fraudulent account that appears to be official. The average company has ten brand-owned social media accounts and potentially dozens more fraudulent accounts associated with that brand. To protect your brand’s identity on social media, submit takedown requests for any fraudulent social accounts you discover that are spoofing your brand identity.

5. Blacklist threat actors

Set up blacklist rules to block the fraudulent social media accounts and bad actors who troll your hashtags with tags like #likeforlike and #followforfollow that attempt to use your social presence to increase their exposure.

 A strong social media security strategy supported by the right technology is critical to protecting your brand identity online.

Tim Bentley is vice president, APJ at Proofpoint

Further Reading:

 

 

 

 

 

 Image copyright: jpgon / 123RF Stock Photo