Whether it’s on Twitter, Facebook, Instagram or Snapchat, the time we’re spending on social media is increasing every year. It was estimated at the beginning of 2017 that the total number of social media users in the UK reached a whopping 39 million, while reports suggest we’re now spending as much as two hours per day scrolling through our social feeds.
But while social media allows us to share experiences, communicate with our peers and is a great source of news, it also has its risks. In light of International Fraud Awareness Week, which came to a close on November 18, it’s important that organisations, including financial services providers, understand that the threat of cyberattacks and infiltration through social media is very real.
Consider, for example, that Russian hackers reportedly broke into the computer of a Pentagon official – through his Twitter account. A link in a Twitter post offering the bait of an attractive-looking holiday offer was the means used to gain access.
More education is needed, not only around being careful with links or content that is shared by others but also around the information that users reveal when posting, such as their location or other personal information including dates of birth, addresses or even phone numbers.
Fraudsters can collect and exploit this information for identity theft – potentially making purchases or carrying out transactions that the real user knows nothing about. Identity fraud has risen significantly with social media as the ‘hunting ground’, according to fraud prevention service Cifas. This is because people tend to be more trusting on social media, perhaps because they feel that they are ‘amongst friends’ and in a sharing environment but they need to be aware of the risks and adapt their behaviour accordingly.
Here are four common ways that the cyber threat is being played out on social media platforms:
Spear phishing – sending malicious links or files through a social media post.
Authentication credentials – stealing the customer’s authentication details at login, often through having installed a keylogger on their device (perhaps through a spear phishing attack as above). False flag attacks – again, this revolves around stealing a user’s login details usually by sending a fake request for a password reset or other authentication activity.
Subscription renewals – capturing credit card details by sending fake messages to subscribers telling them to renew. As ActionFraud warned, this has been happening with WhatsApp – even though the service stopped charging its subscription fee in 2016.
Consequently, a question arises whether financial institutions, have a role to play in helping customers protect their privacy and identity online?
Banks already offer education to customers around remaining safe online through videos, TV adverts and online guides. However, could they go further? The financial cost of Identity fraud for banks is huge – in the US alone, reports estimate it cost consumers $16bn last year – and Experian estimates that a case of ID theft can take 300 hours to set things straight again.
Educating and helping to detect and resolve incidents of ID theft through social media and online activities could provide extra protection and peace of mind for their customers, which would help to build a deeper connection and create a competitive advantage.
There are tools that can help banks raise awareness amongst their customers of the risks of social media and more broadly online. For example, Affinion works with financial institutions to provide customers with ID theft detection services that can scan the public and dark web and warn them in advance of possible threats.
However, should the worst happen and a person fall victim to an attack, they can also help provide support in resolving issue too, in the form of an ID theft helpline, legal assistance and a resolution service. Not only does this help customers in a time of need, but it also aids the customer engagement journey – positioning the bank as an organisation that’s supportive when it matters.
Indeed, Affinion’s Connected Customer research found that customers whose bank provides everyday assistance or protection related products in addition to core services are more likely to have a higher engagement score – with customers staying longer and spending more.
Ultimately, the threat of attacks through social media is growing. People need to take steps to protect themselves and this starts with education of the risks. It is also important that they have access to services to help discover if they are at risk, and assistance should they be a victim.
As they’re often one of the companies that a customer trusts most, there’s an opportunity for financial institutions to help people take pre-emptive action before cyber criminals strike and longer-lasting relationships.
By Karen Wheeler, Country Manager and Vice President at Affinion UK