In an increasingly digitalised business world, identity theft on social networks is not a peripheral issue. In fact, it is an essential component of the meticulous planning required for social engineering crimes. Fake profiles that imitate reputable organisations or their employees are intended not only to mislead, but are also a stepping stone to more serious forms of fraud, such as CEO fraud and its variants:
The legitimate domain www.patrick-mueller.de can be imitated by creating a strikingly similar fake domain www.patrick-rnueller.de. The minimal change from the letter m (M) to rn (RN) is hardly noticeable at first glance. This fake domain could then be used to specifically contact customers and business partners. Fraudsters would probably use previously intercepted e-mail communications to specifically follow up on existing conversations. This way, recipients are less likely to check the exact spelling of the sender’s address and are more likely to open attachments or click on links.
Similarly, correct profile names can be imitated on social networks and fake copies of channels can be created that look deceptively real.
Cybercriminals are using increasingly sophisticated methods to make their scams appear legitimate. The following graphic illustrates the typical warning signs that can be used to identify and prevent fraudulent contact at an early stage. Raising awareness of these common characteristics among yourself and your employees is an effective way to minimise risks. Please note that these are not the only warning signs, and fraudsters are constantly adapting their methods. Please remain vigilant at all times.
If a company or personal profile is copied, for example on social media, it is important to take determined and coordinated action:
Even better than taking reactive action is to provide preventative information and protection. The following measures help minimise risks at an early stage:
For employees:
For organisations and Marketing:
Fake accounts are rarely coincidental. They form part of professionally prepared attack strategies designed to deceive individuals and organisations. The more credible the fake, the higher the probability of success, whether through CEO fraud, fake business partners or alleged authorities. Manipulated information can cause considerable damage, particularly in the context of international business relations. Examples include payment transactions being made to the wrong recipients, reputational risks, and supply chain disruptions.
Identity theft is not a hypothetical danger, but a real threat to companies, public authorities and educational institutions. To effectively protect themselves today, individuals must be able to recognise deceptive patterns, implement targeted preventive measures, and respond professionally in the event of an attack.
Would you like to find out more?
In the Certified Fraud Manager (CFM) certificate programme, you will explore new forms of IT-related fraud (cyber fraud) and learn how to systematically recognise and combat identity theft and social engineering.
Visit www.fs.de/cfm to find out more about the content and benefits of this programme and to protect your company and your data from the latest tricks used by fraudsters.