Get The Latest Insights

By Jessica Ellis | June 22, 2020

Threat actors are masquerading as executives on social media for purposes of stealing credentials and damaging popular brands. Today, many executives have accounts on these platforms to network as well as post content promoting their companies.
Unfortunately, it is easy for bad actors to create fake accounts and reach massive audiences by impersonating well-known individuals. These types of attacks are capable of spanning multiple social channels and can result in swift and devastating outcomes for both the executive, as well as their brand. In order to minimize the risk associated with impersonation attacks, security teams should put into place strong social media threat monitoring measures. 
Threat actors can use impersonation to abuse these social media accounts in a variety of ways. They can post negative or derogatory content pointed at a group of people or provide fake updates about the brand they appear to be connected to. Depending on the platform, this information can be liked, shared, or commented on by other users rapidly. Threat actors might even include another brand or highly visible individual in their post by adding a hashtag, allowing the post to reach an even broader audience and resulting in more damage.
Some threat actors even use impersonation accounts to promote a fake giveaway or contest. Because the promotion is advertised by a visible and, by default, reputable source, the chances that victims will fall for the attack are higher. 
Executive Impersonation Examples
Executive impersonation is popular among threat actors on social media because of the credibility attributed to the individual they are pretending to be. An executive is in theory well-known, successful, and connected to a popular brand – why should anything they say or do on social media be questioned? Because of this, impersonation is also used in conjunction with other threat types across social media.
Today, one platform alone has almost 2 billion users interacting daily on their site. Because of the vast number of users on social media, the negative impact of threat actors masquerading as an executive can be swift and devastating. Distrust and loss of brand loyalty can lead to a wandering customer base, declining sales, and investors turning elsewhere. Bad press on these platforms will most likely lead to a damaged reputation and frequently, financial loss. In order to avoid the fallout of an executive impersonation attack, security teams should actively engage in social media threat monitoring.
The below examples represent different ways that social media is being abused through impersonation scams. 
The example above uses a real name and photo to impersonate the chief executive officer of a global financial institution. The page uses both unsavory language as well as images reminiscent of cash flipping and forex trading scams. 
The second example impersonates a high-ranking executive. The page lists her name, title, and states the company she works for, however, the location is suspiciously listed as Nigeria. Professionals on this particular platform are accustomed to messages from job recruiters and individuals soliciting their goods or services. Threat actors are using this to their advantage by sending private messages from these impersonation accounts asking for personally identifiable information (PII) or money. 
The final example is an impersonation account on one of the largest social media platforms. The fake page is supposed to belong to the CEO of another global financial institution and uses real photos, his real name, and location of the company’s headquarters. If another user interacts with this account believing it to be real, anything they share with the threat actor has the potential to be compromised. In addition, if the threat actor posts anything controversial, it could be detrimental to the real CEO’s reputation, as well as his company’s. 
With so many active users and bots, it is difficult to know whether you are communicating with a real person on social media. In 2018 alone, Twitter caught the attention of its users when they purged 70 million fake accounts. Threat actors understand how difficult it is for the average user to distinguish between what is real versus what is fake, and as a result, are actively impersonating executives. Threat actors are also aware that part of the draw of these platforms is the ease in communication they provide, and that works to their advantage. Impersonating an executive on social media grants them the audience and the speed in communication needed to execute their malicious activity effectively.
To learn more about how PhishLabs can help enterprises defend against executive impersonation, visit
Additional Resources: