How to detect and stop social media fraud

Social media – The next step for threat actors

FinConDX 2021

In the online world, fraud happens quickly. We know this to be true at Bolster because of the threat intelligence our systems collect and the customers we serve. In 2020, we detected over 6.9 million phishing and scam pages, resulting in over $ 320 billion in brand losses and over $ 1.2 trillion in fraudulent transactions. (read the full report). And at the end of 2021, we expect the numbers to climb even more.

Traditionally, a large portion of fraud has come from malicious actors targeting corporate websites through typosquatting attacks resulting in bogus websites designed to collect credentials or hijack business. Recently, however, threat actors have taken to social media platforms to stage frauds and scams. For security professionals, well, they once again find themselves behind the 8-ball of brand protection in a very responsive fashion trying to detect and remove social media fraud and scams. Without new tools and technologies to help them, security personnel will continue to struggle to stay ahead of the curve of online fraud threats.

Detecting Social Media Fraud – Why Is It So Difficult?

Detecting social media fraud and scams is difficult for a number of reasons.

  1. There are many social media platforms. First, and perhaps the most obvious, there are many social media platforms out there on the internet. Of course, there are the big platforms like Facebook, Twitter, YouTube, but there are many more covering social, news, content, personal and sharing sites. For security professionals, that means a virtually endless set of tasks that constantly roam various social media platforms.
  2. Social media fraud and scams come in many forms. Along with many different platforms to watch out for, there are also many different types of social media frauds, scams, and offenses you should be aware of (see examples below). Sometimes these are bogus advertisements leading unsuspecting visitors to fake websites or bogus offers. Other times, it’s sales of counterfeit products or services, often supplemented by fake celebrity endorsements designed to fool customers. And in some cases, these are fake profile pages masquerading as executives or celebrities, or malicious actors who stage attacks on legitimate profile pages through malicious links posted in comment fields. Staying on top of all the different types of social media scams is another full-time job.
  3. Social media platforms are not governed like websites. This may be obvious but deserves to be noted, nonetheless. Unlike websites which are governed by a global domain name registration system and a well-understood set of organizations and policies to report abuse (host, registrar, registry, ICAAN), with the platforms of social media, it’s more like the proverbial Wild West. Each social media platform has its own policies and procedures for creating accounts, posting content, and reporting abuse. For security teams, this means that traditional detection techniques such as scouring the registration lists of new domain names are not an option, and instead, platform-specific approaches must. be adopted to detect fraudulent activity or scams.
  4. Deleting and removing social media frauds and scams is a real headache **! This is the corollary of every independently functioning social media platform. When social media fraud, scams, or breaches are actually detected, the steps to take to complete withdrawals or deletions vary widely from platform to platform. This means that security teams must not only learn how to report abuse or fraud on a platform-by-platform basis, but it also means that monitoring the success of the takedown must also be done on a platform-by-platform basis. In comparison, with websites, it’s much easier to initiate a takedown and monitor the success of the takedown globally by looking at changes in global DNS records and SSL certificate transactions, for example.
How to detect and stop social media fraud

Figure 1. Fake Apple iPhone gift on Facebook

How to detect and stop social media fraud

Figure 2. Fake Apple iPhone gift on YouTube

Essential ingredients to eliminate social media fraud and scams

It’s not supposed to be a scary element, but social media fraud and scams can wreak havoc on not only your business and brand, but your security team as well. And one thing is for sure, while this is a problem for your business, it is not something that can be easily fixed with SOC analysts alone. In fact, he will especially like to crush them on the ground. Given the breadth and depth of operation of threat actors, the only solution is 1.) automation and 2.) machine learning. No ifs, ands, or buts.

  1. Automation – Autonomous workflows. With all the different social media platforms and the myriad types of scams, manual workflows for discovery, inspection, and evidence gathering just won’t scale. Instead, what is needed are automated workflows designed to scrape social media sites, grab and inspect ads, content, and URLs. These workflows should be performed daily as a basic operation for fraud and scam detection. Automating these tasks is obviously a huge time saver for SOC teams by moving repetitive tasks to the background, allowing more focus on mitigation and remediation versus discovery.
  2. Machine Learning – Trained eyes that evolve. Machine learning is the flip side of social media protection. While automation is used to replace and scale repetitive human tasks, machine learning replaces and scales trained eyes for detection and inspection. Done well, machine learning can take the burden off the process of detecting bogus ads, counterfeit products, logo violations, and even content abuse. And unlike a team of analysts, the machine learning process doesn’t get tired over time, experience eye strain, or typically fatigue. Instead, with machine learning, you have a 24/7 detection and inspection engine, allowing SOC analysts to take on more valuable roles in the overall security operation. … And avoid burnout.

Strengthen the social media protection solution

At Bolster, we recently extended our automation and machine learning capabilities to combat social media fraud and scams. With the new features, customers can automatically monitor a growing number of social media platforms for bogus ads, counterfeit products, trademark violations, identity theft, phishing campaigns and abuse of content. Bolster’s automated workflows can be accelerated quickly, allowing machine learning algorithms to detect social media frauds and breaches in real time.

As with other platform modules, social media threat data is presented in an intuitive dashboard, making it easy to track social media threats throughout the lifecycle, from discovery to withdrawal and deletion. Bolster’s detection engine, powered by natural language processing, computer vision and deep learning models, is capable of detecting fraud in less than 100 milliseconds with a surprisingly low false positive rate of 1 in 100,000.

When malicious activity is detected, detailed evidence is provided, including high-resolution screenshots with logo detection to aid in investigations and withdrawals. And for all URLs detected, our system will automatically analyze the URLs using our CheckPhish engine to determine the disposition (clean site, phishing site, scam site). If phishing is detected, the system will issue an automatic removal request resulting in removal from the site in as little as 3 minutes.

How to detect and stop social media fraud

Figure 3. Strengthen social media protection dashboard

Test the Bolster today!

Want to learn more and see our social media protection capabilities in action? Our team is ready when you are. Simply complete our demo request form for a 30-minute feature overview. We’re confident the demo will be eye-opening and confident that we have a social media protection solution that’s right for your business and brand.

Request a 30 minute demo

Learn more:
Strengthen Social Media Protection Solution Page

*** This is a syndicated Security Bloggers Network blog from Bolster Blog written by Jeff Baher. Read the original post at:

Comments are closed.