Lessons from Facebook Malware threats on verified account
A recent incident in which cybercriminals sent fake copyright complaint notifications to verified Facebook users has highlighted an extremely neglected, ignored, and underrated aspect of the digital ecosystem: can a cybersecurity issue become a brand safety issue, and vice versa?
In this incident, the criminals are targeting the verified accounts of Facebook users (politicians, celebrities, and government officials) and sending notifications in the name of the Facebook security team. The notification states that the targeted user’s page is non-compliant with Facebook’s terms and conditions because other users have reported the page, and that the owner has to re-verify their account in order to comply. The notification contains a malicious link that can potentially harm the device, hijack it, steal personal information such as bank login details and web browsing history, initiate surveillance, and cause many more problems that are beyond imagination.
Let us break down each aspect in finer detail to size up the impending disaster. To begin with, we’ll look at the brand safety and infringement element.
Because the cybercriminals send their notifications under the guise of Facebook’s Security Team, the user may well trust them: the scammers have veiled their identity behind a big brand, jeopardizing Facebook’s brand safety. Little do users and brands realize that the trust and goodwill the brand upholds and maintains with its users will be shattered once it is learned that the entire scheme is a fraud. The criminals have intentionally infringed the brand’s name, logo, and reputation to carry out this fraud scheme.
These cybercriminals are also specifically targeting verified users on Facebook, which is a great threat to the targeted users’ own brand safety. Hypothetically, if a government official or a celebrity clicks on the link, what could be the possible scenarios?
• The malware will hijack the device of the user
• Steal bank details and commit financial fraud
• Unimaginably serious (and potentially dangerous) scenarios with the stolen identity
• Wipe out their bank account to fund terrorism
• Breach privacy and initiate surveillance, a national security threat
These scenarios are not based on the movie “Eagle Eye”; they are real threats that await the nation at large.
Putting numbers in perspective
760 million smartphone users
Around 630 million active internet users
448 million active social media users
These numbers represent a massive playground for fraudsters to infiltrate the digital ecosystem and commit fraud. Phishing, malware, domain spoofing, brand impersonation, SMS fraud, and fake web pages are all common types of threats that are becoming a cause for worry. The threats today are much larger than just financial loss. India alone witnessed 1.16 million cases of cyber-security issues in 2020, and there has been no dearth of further cases. Remember Paytm’s KYC fraud, the KBC WhatsApp fraud, and the fake Flipkart Big Billion sale pages?
Every brand and every consumer faces brand safety risk. From bigger brands to personal brands, from the president of the nation to a commoner in the state, this wave of brand safety and cyber security issues affects everyone in the ecosystem.
Accelerated digital adoption, Covid-19, and ever-evolving technology are all contributing to the expanding digital threat landscape. Brands are thriving on digital channels to reach their customers, and fraudsters are simply following the money into the digital ecosystem. It is about time that brands, consumers, cyber security experts, and economies together understand the broader context of brand safety and address the impending disaster before it’s too late.