In Q2, malicious attacks targeting organizations on social media have increased more than 20% over Q1, according to the latest Agari and PhishLabs’ Quarterly Threat Trends & Intelligence Report.
Agari and PhishLabs analyze hundreds of thousands of phishing and social media attacks every quarter to identify the top threats targeting enterprises, their brands, and their employees. In this post, we discuss the industries most prone to attack on social media, and the top threat types found on those platforms.
An organization’s brand presence on social media has become closely associated with its success, as social platforms serve as highly trafficked and competitive marketing tools. Threat actors are abusing stolen trademarks, logos, and content from brands to engage in impersonation and multi-channel counterfeit schemes.
The average organization can now expect to experience nearly 95 malicious attacks on social media per month. This is a more than 100% increase in threatening incidents over the course of a year. The threat types in this dataset do not include the considerable volume of attacks solely targeting a brand’s reputation.
Top Threat Types
The impersonation or spoofing of a brand or executive on social media contributed to more than 40% of share of all incidents in Q2. This is the second quarter Impersonation attacks have represented the majority of threats, despite experiencing a 6.1% decrease from Q1.
Notably, Executive Impersonation has climbed steadily for four consecutive quarters to represent more than 15% of share of attacks. Impersonating a corporate figure on social media is unchallenging and effective for threat actors, as personal images and commentary are increasingly accessible online. A positive executive presence on social media is indicative of the health of a business, and misleading or malicious accounts tied to the face of an organization have the ability to cause lasting brand damage.
In Q2, Fraud represented the second most encountered threat type after a 5.6% increase over Q1. The damage associated with Fraud on social media has the potential to be far reaching, and includes the unauthorized exposure of banking and account credentials.
Cyber Threats, such as hacking, also experienced an increase in activity, representing 24.3% of attacks. Incidents of Data Leaks and Physical Threats were nominal, representing 0.4% and 0.7% of attacks, respectively.
Attacks By Industry
In Q2, the Financial Industry represented the majority of social media incident volume, fueled in part by increased fraud and impersonation attacks. Nearly 70% of attack volume targeted the group, consisting of National/Regional Banks, Other Financial Services, Credit Unions, Cryptocurrency and Payment Services.
Banks were the most targeted industry in Q2, contributing to 30.5% of share of incidents. National and Regional Banks consistently experience the highest level of abuse compared to all other industries. Other Financials (i.e. asset management and financial advisory firms) came in second, after experiencing a 6.2% increase over Q1 to represent 17.6% of incidents.
Both Computer Software and Credit Unions were targeted more in Q2, contributing to 13.4% and 9.4% of share of activity, respectively. Credit Unions saw a spike in activity across multiple attack vectors in Q2, including credential phishing and the dark web, suggesting a possible shift in threat actor strategy to target smaller financial institutions.
While attacks targeting the Retail industry declined in share, the volume of malicious incidents climbed in Q2. This increased abuse is attributed to criminals capitalizing on the growing presence of legitimate retail brands using social media as a primary driver for consumer engagement.
Other industries abused:
- Cryptocurrency 6.2% (+1.8%)
- Dating 5.1% (-1.7%)
- Payment Services 4.8% (-1.6%)
- Staffing & Recruiting 1.4% (-0.4%)
- All Others 2.3% (-)
Bad actors are actively using unauthorized materials on Social Media to launch attacks against legitimate businesses. As organizations increasingly turn to social channels to communicate their brands, security teams should prioritize the identification of malicious accounts, posts, and advertisements across all social channels where their data might be present. Additionally, security teams should build relationships with Social Media providers in order to rapidly remove malicious content.
Learn more about these threats in our Quarterly Threat Trends & Intelligence Report.
