Executive Impersonation Techniques on Social Media

Threat actors are masquerading as executives on social media for purposes of stealing credentials and damaging popular brands. 
Today, many executives have accounts on these platforms to network as well as post content promoting their companies.
Unfortunately, it is easy for bad actors to create fake accounts and reach massive audiences by impersonating well-known individuals. These types of attacks are capable of spanning multiple social channels and can result in swift and devastating outcomes for both the executive, as well as their brand.
Threat actors can use impersonation to abuse these
social media accounts in a variety of ways. They can post
negative or derogatory content pointed at a group of people or provide fake updates about the brand they appear to be connected to. Depending on the platform, this information can be liked, shared, or commented on by other users rapidly. Threat actors might even include another brand or highly visible individual in their post by adding a hashtag, allowing the post to reach an even broader audience and resulting in more damage.
Some threat actors even use impersonation accounts to promote a fake giveaway or contest. Because the promotion is advertised by a visible and, by default, reputable source, the chances that victims will fall for the attack are higher. 
Executive Impersonation Examples
Executive impersonation is popular among threat actors on social media because of the credibility attributed to the individual they are pretending to be. An executive is in theory well-known, successful, and connected to a popular brand – why should anything they say or do on social media be questioned? Because of this, impersonation is also used in conjunction with other threat types across social media. 
Today, Facebook alone has almost
2 billion users interacting daily on their site. Because of the vast number of users on social media, the negative impact of threat actors masquerading as an executive can be swift and devastating. Distrust and loss of brand loyalty can lead to a wandering customer base, declining sales, and investors turning elsewhere. Bad press on these platforms will most likely lead to a damaged reputation and frequently, financial loss. The below examples represent different ways that
social media is being abused through impersonation scams. 

jpmc impersonation insta
The example above uses a real name and photo to impersonate the chief executive officer of a global financial institution on Instagram. The page uses both unsavory language as well as images reminiscent of cash flipping and forex trading scams. 

Impersonation jpmc linkedin
The second example uses LinkedIn to impersonate a high-ranking executive. The page lists her name, title, and states the company she works for, however, the location is suspiciously listed as Nigeria. Professionals on this platform are accustomed to messages from job recruiters and individuals soliciting their goods or services. Threat actors are using this to their advantage by sending private messages from these impersonation accounts asking for personally identifiable information (PII) or money. 

impersonation jpmc facebook
The final example is an impersonation account on Facebook. The fake page is supposed to belong to the CEO of another global financial institution and uses real photos, his real name, and location of the company’s headquarters. If another user interacts with this account believing it to be real, anything they share with the threat actor has the potential to be compromised. In addition, if the threat actor posts anything controversial, it could be detrimental to the real CEO’s reputation, as well as his company’s. 
With so many active users and bots, it is difficult to know whether you are communicating with a real person on social media. In 2018 alone, Twitter caught the attention of its users when they purged 70 million fake accounts. Threat actors understand how difficult it is for the average user to distinguish between what is real versus what is fake, and as a result, are actively
impersonating executives. Threat actors are also aware that part of the draw of these platforms is the ease in communication they provide, and that works to their advantage. Impersonating an executive on social media grants them the audience and the speed in communication needed to execute their malicious activity effectively.
To learn more about how PhishLabs can help enterprises defend against executive impersonation, visit

*** This is a Security Bloggers Network syndicated blog from The PhishLabs Blog authored by Jessica Ellis. Read the original post at:

AWS Builder Community Hub