The Wild West of Social Media Fraud

SIM Swaps, Deepfakes, and Data Breaches are just the beginning when it comes to the perils plaguing the world’s leading social platforms. This Week in Fraud News, September 5, 2019.

Christopher Watkins
DataVisor
Sep 6, 2019


Social media continues to be the signature arena within which the fraudsters and the anti-fraudsters wage their epic battles, and this week’s news was full of gripping social fraud sagas.

Some of the most notable stories had to do with the fact that Twitter’s Twitterer-in-Chief had his own account hacked, and courtesy of WIRED we learned that a SIM issue was the root of the problem:

SIM swap fraud has been around for a while, but thanks to hackers like the “Chuckling Squad” (the group claiming credit for the Jack Dorsey account takeover), the technique is gaining new levels of prominence in our fraud discourse.

Twitter’s response to the incident included disabling tweeting via SMS, as reported by The Verge:

“The ability to tweet via text was important to Twitter in the service’s early days, but it’s more of a legacy feature at this point since most people rely on the smartphone app. The feature still exists, though, allowing you to text a number, such as 40404, and have that message posted to your account. That can lead to real issues when someone’s phone number is stolen, which is a technique that hackers increasingly use to compromise accounts because phone carriers often don’t take care to properly secure them.”

DataVisor wrote in depth about SIM swap fraud earlier this week, describing the complex anatomy of a SIM swap attack, and detailing the potentially devastating aftershocks:

Aftershocks are an extremely important consideration when it comes to any type of fraud activity. This is certainly the case with data breaches, as it’s never the leak itself that’s the problem, it’s what happens to the data after it gets loose in the world.

Facebook knows this all too well, and they’re learning it all over again, as we discovered from TechCrunch this week:

“This latest incident exposed millions of users’ phone numbers just from their Facebook IDs, putting them at risk of spam calls and SIM-swapping attacks, which rely on tricking cell carriers into giving a person’s phone number to an attacker. With someone else’s phone number, an attacker can force-reset the password on any internet account associated with that number.”

SIM swap attacks again!

The world of digital fraud is truly a roiling cauldron of illicit innovation, and fraudsters are becoming ever more adept at developing their own unique formulas for new attacks.

Into the fray comes … deepfakes:

This is digital crime at a whole new level. Are deepfakes the new frontier of fraud? Facebook seems to think so. Fortunately, at least when it comes to this kind of attack, they’re trying to get ahead of things. They’re also not alone in their efforts:

“Facebook, as part of a coalition with Microsoft, the Partnership for AI, and several universities including Oxford, Berkeley, and MIT, is working to empower the side of good with better detection techniques.”

When it comes to the subject of digital fraud, you can’t talk about it without also talking about data, and when you talk about data in this day and age, inevitably, you’re also going to end up talking about privacy. The world has long operated on the assumption that the more data we collect, the more intelligent our systems will be. That’s a dangerous assumption, and it has troubling repercussions, as we saw with Google and YouTube this week:

“YouTube Wednesday announced massive changes to how it treats kids’ videos, as the US Federal Trade Commission hit Google with new rules and a record $170 million penalty to settle a probe into the privacy of children’s data on the giant video site.”

Facebook, Twitter, YouTube, Google — they’re the titans of tech, but they’re also all in trouble. Too much data, and too many vulnerabilities, have created a new kind of digital “wild west” — a lawless, dangerous place where new and emerging attacks can come from seemingly anywhere, and anyone can become a victim. Bringing law and order to the chaos will require a new kind of heroics, and all at DataVisor are committed to the cause.

Please join us next week, as we take another look at where the dangers are, and what can be done about them!
