No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Risk

Social Media Sites: An Open Door for Financial Fraud

by Hagai Schaffer
March 17, 2016
in Risk
Hackers using social media pose a great fraud risk

Hackers can steal employee personal data, conduct email phishing campaigns and commit various types of fraud just by browsing social media sites. They use lies and manipulation to trick people into connecting with them, then gather personal information on their new friends and their connections. This presents a challenge to organizations that are already spending a fortune on firewalls, secure managed file transfer and secure email systems.  It’s difficult to monitor employees’ willingness to leak sensitive company data when they are befriended by hackers.

Dell Computer reported that fraudsters, thought to operate out of Iran, created dozens of fake LinkedIn accounts, posing as corporate recruiters to entice employees at telecoms, government agencies and defense contractors to give up sensitive information, including business emails. Symantec’s investigation also uncovered dozens of fake LinkedIn accounts across a variety of industries used by hackers to target employees.

Hackers Impersonate Employees and Vendors

Once hackers have successfully stolen employees’ personal data — including reporting structures, titles and emails — they are able to conduct email phishing campaigns.  By using company emails, hackers can pose as a senior executive, often the CFO, controller or CEO and issue a communication directing a lower-level employee to urgently execute a financial transaction to a fraudster’s account.

Hackers can also send bogus emails to employees, impersonating legitimate suppliers.  Vendors’ emails are spoofed by adding, removing or subtly changing characters, making it difficult to distinguish the perpetrator’s email address from the legitimate address. The scheme is usually detected only when employees are asked to verify the transaction. According to the FBI’s Internet Crime Complaint Center (IC3) the average dollar loss per victim is approximately $55,000, although IC3 has received complaints reporting losses that exceeded $800,000.

Emails can also be used to infect employees’ computers with malware.  For example, the Carbanak cyber gang stole $ billion from more than 100 financial institutions worldwide by sending employees emails with a link that, once clicked, triggered the download of malware that was used to identify employees responsible for ATM software. Next, the hackers installed a remote access tool (RAT) on their computers, collected snapshots of their screens and used the information collected to dispense money remotely and transfer money to fake accounts.  All of this was accomplished by initially sending supposedly legitimate emails to bank employees.

Social Media Banking Increases the Risk

As banks continue to compete for the best customer experience, they are becoming more forward thinking by using social media platforms to engage their customers and enhance their service offerings.  For example, Turkey’s DenizBank offers their customers access to their accounts via Facebook.  Kotak Mahindra Bank, one of the largest private sector banks in India, launched Kaypay, a multi-social payment app that allows customers to transfer money through social media channels.

Banks that use social media banking services are more vulnerable to brand hijacking where hackers can blatantly copy and misuse company logos and website content.  Fraudsters can impersonate a business’ online presence and deceive unsuspecting visitors into believing they are visiting the real organization’s website, opening them up to the risk of divulging personal information.

User Education and Monitoring is the best Defense

Organizations that want to protect their assets and reputation need to invest in employee training to raise awareness of the risks of using social media.   Employees should be instructed to adopt a position of sensible caution when engaging with members of colleagues’ or friends’ networks who they don’t know personally.  When evaluating inquiries originating from LinkedIn, users should seek confirmation that the individual is legitimate by directly contacting the individual’s purported employer. In addition, it may be prudent to monitor user behavior and applications on corporate networks to detect potential takeover of social media accounts and identify suspicious activity early, before damage is done.

Companies have competing priorities when it comes to social media and LinkedIn. They want to reach customers, recruit new talent and drive up online visibility. But they also have a driving need to protect their data — especially in regulated industries like banking, where a data breach could cost them not only customer loyalty, but also countless dollars.


Tags: Commodity Futures Trading Commission (CFTC)Social Media Risk
Previous Post

Best Practices for Social Media Archiving and Security

Next Post

Principles for Improving Board Risk Reporting

Hagai Schaffer

Hagai Schaffer

Hagai SchafferHagai Schaffer leads Product Management and Marketing at Intellinx Ltd., a Bottomline Technologies company, and held the same position at Sabratec Ltd. He has over 25 years of experience in the software industry in both technology and business positions. Before joining Sabratec, Hagai served as CTO at Oblicore Inc., a leading provider of Service Level Management solutions. Prior to that, he held senior technology and business management positions with SPL WorldGroup. Hagai holds B.Sc., Mathematics & Computer Science (Cum Laude) and MBA (with distinction) from the Bar-Ilan University.

Related Posts

whistleblower congress

Blowing the Whistle: Exploring Federal Protections After Twitter Testimony

by Katherine Krems
September 28, 2022

Twitter’s been in the news of late thanks to Elon Musk’s (failed?) takeover bid, but another recent bit of Twitter...

sec messaging apps investment firms

SEC Sanctions Warn Investment Firms That Good Intentions Aren’t Enough on Messaging Apps

by Mark J. Tarallo
May 24, 2022

Think your firm’s policies will protect against sanctions for failing to meet the books and records requirements? If your rules...

musk free speech tweet

As Musk’s Tweet Inadvertently Illustrates, the Letter of the Law Has Its Limits

by Christian Hunt
May 11, 2022

Aspiring Twitter owner and current Tesla CEO Elon Musk has indicated that if he succeeds in buying the social media...

elon musk twitter

Know Your Customer? Know Your Human. Compliance Lessons from Elon Musk’s Promised Assault on Twitterbots

by Peter Viksnins
May 11, 2022

Twitter’s new boss is waging war on bots. How he gets it done may offer lessons for GRC professionals. The...

Next Post
Principles for Improving Board Risk Reporting

Principles for Improving Board Risk Reporting

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT