Financial scams have doubled in the past year on social media but only a small pool of cyberattackers appear to be behind the surge.
According to ZeroFOX researchers, around 250,000 finance and banking scams were lurking on social media platforms including Twitter and Facebook in 2016, but now, this estimate has almost doubled having reached a total of 437,165 fraudulent campaigns.
On Thursday, the cybersecurity firm released a new report titled, "External social and digital threats to financial institutions."
Within the paper, the firm's researchers say that if every scam claimed one victim on average, this would equate to $180,986,310 in total global losses due to social media-based financial scams.
This does not appear to be the case in reality, but the sheer number of scams on social media designed to target financial data, bank accounts, and cash funds still do pay.
Based on reported incidents and losses, the average victim ends up losing $414 per scam, which is the work of a relatively small number of scam artists -- 18,175 in total, in fact.
Social media offers platforms for businesses to connect with customers, a way to improve engagement, an avenue for positive comments and complaints, and also allows average users to create networks of friends and colleagues.
However, the sheer size of platforms such as Facebook, Twitter, Instagram, and LinkedIn also gives fraudsters a wide pool of potential victims.
There are three techniques mainly used on social media platforms to hoodwink users and pretend to be financial service (FinServ) institutions. Social engineering is a common theme, as is what ZeroFOX calls "spray-and-pray."
This tactic encapsulates when attackers cast the net as wide as possible in the social media pool before honing in on their targets.
Through this model, victims usually engage with a payload in a manner similar to a watering hole attack, and they are planted where victims are most likely to engage with them -- such as in malvertising or a fraudulent domain which mimics a legitimate website.
"Attackers use FinServ hashtags & follower monitoring, the process of engaging with the follower's of an organization's brand account, to segment and deliver convincing advertisements to sympathetic user audiences," the researchers say. "The most lucrative targets include FinServ customers or prospective customers, whose card-holder or other membership status, available funds, and general interest increases their probability to engage with a malicious offer or fall for a social engineering ploy."
"Once identified, attackers engage offline or out-of-band, such as via direct message (DM). The attacker nurtures individual leads on a more personal basis until the transaction has finally converted," the report added.
Ironically, the cast of a wide net before honing in is similar to today's sales techniques, made possible through tailored advertising, feeds, and tracking.
Another technique is called "land-and-expand," in which attackers target specific organizations or users -- similar to spear phishing -- and then use these victims to find others of similar interest.
In this model, victims are selected beforehand and scammers perform reconnaissance before attempting to lure them into parting with financial data.
This research into targets may include finding public information, membership lists or groups, "liked" content on social media, timeline information, and demographics.
According to ZeroFOX, both techniques have been leveraged to execute scams, for spear phishing campaigns, targeted malware distribution, account takeover and data exfiltration.
"[The research] illuminates the broader challenge of detecting threats on social media, which is increasingly exploited by malicious actors to undermine FinServ brand integrity, data security, and bottom lines," the team says. "Affected organizations need to implement a combination of manual controls and automated, data-driven approaches to identify and remediate external digital and social threats."
Previous and related coverage
JPMorgan boss Jamie Dimon has not minced his words when it comes to the cryptocurrency.
Banking customers will now be able to hold and buy Bitcoin, but what does this mean for anonymity?
Hackers are looking to crack ATM networks without needing physical access to the devices. And many cash machines are running antiquated versions of Windows like Windows XP.