Brand Abuse, Data Leakage

Executives Can Be Victims of Online Fraudulent Misrepresentation

By Andre Luiz R. Silva

Imagine the following situation: You need to send some important information to your boss, and you receive an email or message on one of his social networks, asking for that data. But it was all a case of identity theft that ended up making you (or even your clients) victims of a scam, so that sensitive data could be stolen. Unfortunately, this is not fiction — it really happens!

 

What is online identity theft?


Identity theft is a kind of crime that occurs when someone appropriates the identity of someone else in order to deceive and harm the other person. The most common motive is, of course, financial.

But the problems don’t stop there. When executives’ identities are stolen, both they and their company become targeted by the criminals. And, considering the infinite possibilities of the online world, someone may right now be thinking of impersonating an executive in order to pull off a con. After all, creating social network profiles and email accounts is simple and free.

 

In what ways might an executive be hit?


There are two huge problems that affect executives: use of their image and leaks of their sensitive data and information. In general, these two are the root of problems that can lead to critical situations, such as leakage of the company’s data, or scams that affect clients.


Fake profiles

A fake profile of an executive (be it on Instagram, Facebook, LinkedIn or any of a number of other social networks) may not contain any brand or company image, and may use only the target’s photos and/or name. But it’s important to note that even if clients see no obvious mention of the brand in the profile, they can still be deceived when they do a search for more information about the individual, and from there make the connection to the company.


Fake email addresses

Fake emails are generally directed at employees. They typically request data, important documents or even bank transfers, and are sent using typosquatting, a way of using the brand name in the domain with a slight change in one character. An address that originally would be “executive@yourbrand.com” becomes “executive@yourbran6.com,” and might go unnoticed by many people.

Because it has become so common, this email practice has been dubbed CEO Fraud. And the cybercriminals really set the stage. They research all possible information about the executive so that they won’t be found out. At the same time, they know how to manipulate using psychological factors, since all employees take any email from the CEO or president very seriously. In some cases, information about the victim is gathered as well, to make them more susceptible to the lure.
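As an added illustration (not Axur's code), the following Python sketch shows how a mail filter could flag sender domains such as “yourbran6.com” that sit one or two characters away from the real one. The `PROTECTED` set, the two-edit threshold and the sample headers are assumptions made for this example.

```python
from email.utils import parseaddr

# Assumption: the domains the company really sends mail from (the article's example brand).
PROTECTED = {"yourbrand.com"}

def osa_distance(a: str, b: str) -> int:
    """Edits to turn a into b: insert, delete, substitute or adjacent swap cost 1."""
    prev2, prev = [], list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours, e.g. "uo" for "ou"
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify_sender(from_header: str, max_edits: int = 2) -> str:
    """Return 'legitimate', 'lookalike', 'unrelated' or 'unparseable' for a From value."""
    addr = parseaddr(from_header)[1]
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    for good in PROTECTED:
        if domain == good or domain.endswith("." + good):
            return "legitimate"  # exact match or a subdomain of a protected domain
    for good in PROTECTED:
        if osa_distance(domain, good) <= max_edits:
            return "lookalike"  # one or two characters away from the real domain
        if good.split(".")[0] in domain.split("."):
            return "lookalike"  # brand label under another TLD or parent domain
    return "unrelated"

# Constructed sample From headers; only the first uses the real domain.
SAMPLES = [
    '"The CEO" <executive@yourbrand.com>',
    "The CEO <executive@yourbran6.com>",
    "executive@yuorbrand.com",
    "CEO <executive@yourbrand.com.mail-login.example>",
    "newsletter@example.org",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):<11} {header}")
```

For very short brand domains a two-edit threshold will also match unrelated names, so lower `max_edits` or keep an allow-list of known partners in that case.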


Data leakage

Executives may become online victims in yet another way: having their data leaked! What often happens is that data may be stolen and exposed on the Internet (in a wide variety of locations, whether on the surface web or the deep and dark web) and soon after be used or stored by someone with ulterior motives.

In these cases, the criminal can even get an executive’s actual credentials (login and password), which enables the collection of all information to which the executive has access. Or, in an even more worrisome scenario, if the executive uses the same password on a social network as well as the company’s system, the fraudster can easily test the same password in both locations.

 

How can this be avoided?


The primary advice is always to raise awareness! Offer demonstrations, send emails, talk about it in the hall... Information about security is fundamental in these times when digitalization is reaching increasing numbers of people. And the same goes for your clients! Instruct everyone to always be skeptical and to protect their data as much as possible.

But since nothing is perfect, something could always happen. That’s why we recommend that you have on hand a good monitoring tool. Here at Axur, we detect thousands of URLs daily — on the deep and dark web as well — with the help of our robots. Check out our solutions to discover all we can do for you (and for your executives!).


GUEST EXPERT

Eduardo Schultze, Coordinator of Axur's CSIRT, holds a degree in Information Security from UNISINOS – Universidade do Vale do Rio dos Sinos. He has worked since 2010 on fraud involving the Brazilian market, mainly phishing and malware.

AUTHOR

Andre Luiz R. Silva

A journalist working as Content Creator at Axur, in charge of Deep Space and press activities. I have also analyzed lots of data and frauds here as a Brand Protection team member. Summing up: working with technology, information and knowledge together is one of my biggest passions!