Monitoring Social Media for Fraud
Social media connects brands and businesses to their target audiences, driving greater awareness, revenue and loyalty. Among social media users, 86% follow brands and 57% are more likely to buy from those brands. Social media conversations also provide a real-time window into customer sentiment.
Unfortunately, fraudsters also use social media’s speed, reach and ease of audience engagement to impersonate trusted brands and scam their customers. This poses a serious reputation risk to these brands. To protect their customers and reputations, companies need to make active brand monitoring part of their social media activities.
In 2021, social media scams accounted for a quarter of all reported fraud losses in the United States, costing victims $770 million, according to the Federal Trade Commission. This represents an eighteen-fold increase since 2017. Nearly half of those social media fraud losses involved social commerce, where companies use social media platforms to market and sell products and services. The problem is also not limited to the United States. In the Asia-Pacific region, for example, more than 75% of all scams analyzed by one security group in 2021 were carried out on social media.
Brand impersonation scams can trick loyal customers into turning over their account credentials or spending money on orders that will never arrive. Ultimately, this can sour customers on the brand altogether. In fact, a March 2021 ClearSale survey of online shoppers found that 84% would never shop again on a website that allowed fraud with their payment data.
Brand monitoring can also surface legitimate customer concerns that are worth tracking. It is important to make sure the brand engages in a timely and appropriate way, as unresolved or unacknowledged customer complaints can tarnish the company’s reputation over time.
Brand monitoring is often carried out in marketing or customer service departments, but effective, comprehensive social media risk management requires clearly defined governance, coordination and communication across departments.
How Social Media Scams Unfold
In order to mitigate the threat of fraud scams, everyone in your organization who works on social media or in risk management should first understand how fraud happens in social channels. Organized social scammers are typically after three things: money, account credentials and access to the victims’ social connections. To achieve their goals, fraudsters use a variety of brand-exploiting tactics. The following are some of the most common approaches:
Brand impersonation can be as easy as copy-pasting a company’s real logo and using it to create a fake profile that is similar enough to fool people distractedly scrolling through their feeds.
Executive impersonation uses the same tactics to create a fake profile of a business leader. This approach is more common when the business has a high-profile executive with an established following of their own.
Account takeover uses stolen or guessed credentials to hijack accounts and use them to impersonate a brand, company leader, employee or loyal customer. This tactic is especially effective because it is a real account with real social connections the attackers can leverage to expand their range of targets.
Social media fraud methods can range from simple to alarmingly sophisticated:
Giveaways can trick social media users into sharing their login credentials. This kind of scam post directs viewers to a website that looks like the brand’s store, but is designed to capture victims’ personal information or login credentials as they enter them thinking they are registering for a prize drawing that never happens.
Fake product posts may use product photos taken from the targeted brand’s website, often with a “special discount” that drives viewers to click through. Again, they are taken to a fake website. This time, they enter their payment data as well as their personal information to complete their order, so the scammers get both the order revenue and information for card-not-present and account-takeover fraud.
Targeted fake ads make fake product posts and giveaways even more threatening to consumers and brands. Criminals who know the brand’s audience profile can buy their own ads and target them to reach the same audience. Just as for legitimate social commerce, the goal is to generate more conversions and more revenue, unfortunately at the expense of customers and businesses.
Mitigating the Threat
The first step to preventing or interrupting social media fraud is to make sure your company has an up-to-date, comprehensive social media governance and risk management plan. This plan should address reputational, regulatory compliance, legal and cybersecurity risks as these issues often interconnect. The plan should also spell out which teams are responsible for creating and monitoring content and mentions on each social platform where the brand is active, the review process for adding new social platforms, and response and reporting procedures when fraud is suspected or confirmed.
Social listening should be part of your brand’s risk management plan as well. Social listening involves monitoring social media channels for mentions of your brand, executives and even your most popular products. Reviewing those mentions can help you address fraud attempts as they arise. Your customer service team may be the first to hear about impostor accounts and scams, and the plan should tell them whom to contact when they get those reports.
When you find fraud involving your brand on social media, take immediate steps to document the fraud, report it and alert your customers. Take a screenshot of any posts, ads, threads and fake websites. Include those screenshots and any customer feedback you have received when you report the fraud to the social platform. Report fake websites to the platform they are hosted on.
Keep in mind that reporting a fraudulent post, ad or website does not guarantee that it will be removed quickly (or at all, in the case of a fake website). You will also need to counter the fraudsters with social posts warning your audience about the scam. Include the alert on your website and in customer emails as well. Your social team should also be ready to enter conversations that mention fraud or scams related to your brand. Let your customers know you want to keep them safe and ask them to contact you if they see brand impersonation scams. If your brand is a frequent target of social media scams, you might want to add a scams and safety FAQ to your website and link to it in social media profiles and in emails.
Brands need to stay vigilant to protect their relationships with customers, their reputation, and their business. A risk governance program that coordinates social media management and response is critical to maximize the benefits of a social media presence while minimizing the risks of fraud.