Brand Impersonation on Social Media: A Safety Guide

With the ever-increasing surge in digital engagement on social media, individuals, small businesses, and organizations are investing heavily in growing their digital footprint as a way to drive brand awareness and generate revenue. On the flip side, scammers and internet fraudsters, in furtherance of their unscrupulous intentions, are exerting considerable effort to exploit the brand reputation established by these organizations through brand impersonation.

What is Brand Impersonation?

Brand impersonation is an attack that impersonates a trusted brand, using the name, image, or other identifying elements of the brand to trick victims into divulging sensitive or personal information for fraudulent purposes. In this article, our central focus is to discuss brand impersonation on social media through look-alike accounts and to furnish some safety precautions individuals and organizations can take to prevent these impersonation attacks, as well as remedial measures to mitigate the effects of the attacks when they occur.

Brand Impersonation Attacks on Social Media

Social media impersonation occurs when a page is made to look as though it is the legitimate social media page of an organization or business. Three common uses are phishing, collecting sensitive information, and getting victims to send funds to a fraudulent account.

Phishing: Attackers use social media phishing to harvest personal or financial information. To achieve this, an attacker may post a deceptive and enticing phishing link. Upon clicking it, the unsuspecting user is routed through a series of screens and spoofed webpages where the attacker harvests the victim’s identifying information, including sensitive data such as financial details. Links can also lead to web pages that automatically install malware on the victim’s device, which does the same thing.

Collecting sensitive information: Attackers can pose as customer service representatives and elicit sensitive information such as PINs and card numbers with a view to defrauding the victim.

Sending funds to a fraudulent account: If the brand sells goods and services, the attackers can pose as sales representatives with a view to getting the victim to make a transfer to a transit account, where the funds are immediately withdrawn or sent somewhere else.

Preventive/Remedial Measures

For Individuals:

  • Always do a search using the profile or page name of the company on social media. If you see multiple accounts, do not proceed till you can determine which, if any, are genuine. Note that cybercriminals also seek out businesses that do not have a social media presence to impersonate, hence seeing only one account does not mean that it is genuine.
  • Rather than trust what you see on social media, use a search engine to determine the website of the company or vendor, then navigate to their social media handles using the links listed on their website.
  • Look for historical information related to the account. Twitter lists when the account joined on the account’s profile; use page transparency on Facebook to see when the account was opened, and use name history on Instagram. An account that has been recently opened or has changed its name numerous times is more likely to be a scam.
  • Be wary of paying money into personal accounts. Of course, not all businesses or vendors will be able to have a company account, but established businesses or vendors should have company accounts. If you find that the business or vendor is big or well established, then a request to pay into a personal account is a sign that you might be dealing with scammers.
  • Always do an internet search with the business name and phone numbers given, together with words such as “scam” or “fraud.” Use search engines, and search on various social media and forums like Nairaland.
  • It’s always safer to make a purchase from a business or vendor who you know someone has used and comes highly recommended.

For Businesses/Organizations:

  • Have dedicated reporting channels, such as phone, email, SMS and social media, where customers can report scam issues.
  • Have in-house or outsourced personnel to monitor social media for conversations around your brand and to seek out impostor accounts.
  • Apply to have your social media accounts verified. Top social media websites like Facebook, Instagram and Twitter allow brands and business organizations to apply for a verification badge. This lets your customers know which accounts they should trust and helps them identify and authenticate business accounts and advertisements.
  • Carry out periodic security awareness campaigns in which customers are educated about the latest scams and preventive measures.
  • For big organizations, consider investing in AI-based advanced brand protection solutions.

In conclusion, social media/online impersonation scams are dynamic in nature and an ever-increasing threat, but realizing that every online/social media communication between a business and its customers is a potential bait for a brand exploitation attack/scam will put you into the right frame of mind to take the above proactive/preventive actions.

The post Brand Impersonation on Social Media: A Safety Guide appeared first on #NoGoFallMaga.

Nigerian Enterprises Development Interactive Scheme (NEDIS): An Investigation

Our attention has been drawn to a scheme that is set to give out funds to SMEs, Farmers, and Traders in light of difficulties experienced due to COVID-19. The scheme is called NIGERIA ENTERPRISES DEVELOPMENT INTERACTIVE SCHEME (NEDIS) and the domain is nedis.ng, which has very scant information about the scheme except for a blurb on the home page which says:

NIGERIA ENTERPRISES DEVELOPMENT INTERACTIVE SCHEME (NEDIS) is determined to support and build stable economy in Nigeria through collective efforts. NEDIS COVID-19 SPECIAL FUND 2021 is Contributory Intervention Fund (CIF) structure from NEDIS Interactive Partners, Individual Donors, Corporate Organizations, Government and International Community to support SMEs/Farmers/Traders badly hit by COVID-19 pandemic.

nedis.ng

The scheme claims to be a contributory intervention fund but does not list the donors, the corporate organizations, or which government agency or parastatal is involved; it’s all very vague.

Going to the contact us page reveals an address.

The address, “35 Port Harcourt Cresent, Off Gimbiya Street, Area 11, Garki Abuja” is the current address of The Small and Medium Enterprises Development Agency (SMEDAN). Visiting the SMEDAN website we find no information concerning NEDIS on their list of programs or anywhere else on the website. Instead what we find on the SMEDAN website is a program called NADEP which NEDIS seems to copy. So here we have a purported scheme using an address that does not belong to it.

Moving on, we noticed a big green button on the top right corner labeled “guidelines”; clicking it takes us to the guidelines page.

Clicking on “DOWNLOAD APPLICATION GUIDELINES” opens a PDF document. The document has boldly written in red, “BEWARE, APPLICATION IS FREE”.

But the second step of the application process asks for payment for “Minimum Account Opening Balance.” The question to ask is: since the scheme has several donors and funders, why do you need to pay for a minimum account opening balance? Why don’t the donors cover this cost? Note that it is typical of scams to collect money under such pretexts as “registration” or “verification.”

Sure enough, navigating to the home page and clicking “Open Account Now” leads to a page that collects payment via Flutterwave.

We also noticed the registration form asks for sensitive details such as BVN and TIN numbers.

Running the PDF file (registration form) through a document metadata checker, we find the author’s name is given as “Henridam.” So Henridam is the author of our document.
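What a document metadata checker reads, shown as an added example that is not code from the original post: the Info dictionary that a PDF trailer points to, where fields such as Author live. SAMPLE_PDF and every value in it are constructed; the parser assumes an unencrypted file whose Info dictionary is a plain object (no object streams, no XMP packet).

```python
import re

# Constructed minimal PDF (not the NEDIS file); the trailer points /Info at object 5.
SAMPLE_PDF = (
    b"%PDF-1.4\n5 0 obj\n"
    b"<< /Title (Application Guidelines) /Author (Example\\040Author)\n"
    b"   /Producer <FEFF0044006F0063> /CreationDate (D:20210801120000+01'00') >>\n"
    b"endobj\ntrailer\n<< /Size 6 /Root 1 0 R /Info 5 0 R >>\n%%EOF\n"
)
ESCAPES = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f"}
# A literal string "(...)" with backslash escapes, or a hex string "<...>".
# Unescaped nested parentheses are not handled by this pattern.
FIELD = re.compile(rb"/(\w+)\s*(\((?:\\.|[^\\()])*\)|<[0-9A-Fa-f\s]*>)", re.S)


def _unescape(m):
    """Resolve one backslash escape: octal \\ddd, a named escape, or the char itself."""
    s = m.group(1)
    return bytes([int(s, 8) & 0xFF]) if s[:1].isdigit() else ESCAPES.get(s, s)


def decode_pdf_string(raw: bytes) -> str:
    """Decode a PDF literal or hex string to text."""
    if raw.startswith(b"<"):
        digits = re.sub(rb"\s", b"", raw[1:-1])
        # An odd number of hex digits is padded with a trailing 0.
        data = bytes.fromhex((digits + b"0" * (len(digits) % 2)).decode("ascii"))
    else:
        data = re.sub(rb"\\([0-7]{1,3}|.)", _unescape, raw[1:-1], flags=re.S)
    if data.startswith(b"\xfe\xff"):  # UTF-16BE with byte-order mark
        return data[2:].decode("utf-16-be", "replace")
    return data.decode("latin-1")  # approximation of PDFDocEncoding


def document_info(pdf: bytes) -> dict:
    """Return the fields of the Info dictionary named by the last trailer."""
    refs = re.findall(rb"/Info\s+(\d+)\s+(\d+)\s+R", pdf)
    if not refs:
        return {}
    num, gen = (int(x) for x in refs[-1])
    obj = re.search(rb"(?<!\d)%d\s+%d\s+obj(.*?)endobj" % (num, gen), pdf, re.S)
    if not obj:
        return {}
    return {k.decode(): decode_pdf_string(v) for k, v in FIELD.findall(obj.group(1))}
```

The same fields are written by most office suites and PDF exporters by default, so organizations publishing documents can run this check on their own files before release.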

Another thing we noticed on the homepage was a link to a login portal.

Looking at the source code of the portal, we find that it is copied from another domain, nedis.org.ng.

Pulling up the whois information for both domains, we find nedis.org.ng was registered on the 25th of May while nedis.ng was registered on the 2nd of August. From this, we can infer that nedis.org.ng must have been the previous domain used before migration to the current domain, nedis.ng.

Doing a Google search for the number listed as the Tech contact for nedis.org.ng turned up an interesting result. It led to a Facebook post by a page called “Integrity Heroes International Development Network.”

Snooping around the page, we found an image that listed the owner as Damkor T Henry.

As already noted above, the author of the document found on nedis.ng is Henridam, which seems like a short form of Damkor T Henry. Several other lines of evidence point to this conclusion. First, a search on Facebook led to a Facebook page with details pointing to nedis.ng.

Clicking on the groups tab of the page, we find that it is linked to a group called ONE BENUE – ONE VOICE.

Looking at the group admins for ONE BENUE – ONE VOICE, we found that two are named Damkor Henry.

Second, nedis.ng has a link to their Twitter handle @nedisexpress on their contact page. A visit to the Twitter handle shows they are following 10 accounts and have 31 followers.

Perusing the 10 accounts followed by @nedisexpress, we found one is named @DamkorHenry.

From the foregoing, we can deduce that Damkor Henry is intimately connected with the scheme.

In conclusion, we strongly advise against registering for this as it appears to be an imitation of SMEDAN’s NADEP program, is not connected to any government institution and has all the telltale signs of being a scam.

The post Nigerian Enterprises Development Interactive Scheme (NEDIS): An Investigation. appeared first on #NoGoFallMaga.

Escaping Social Media Impersonation Scams

Recently our Intel team received reports of cybercriminals impersonating brands on social media. We would like to highlight two such cases.

The first is the impersonation of naijauto.com. A quick check reveals their social media handle on Facebook to be @Naijautocom – https://web.facebook.com/Naijautocom

We also see that the page was created on August 1, 2017, and has 111,311 followers.

The fact that it was created in 2017 and the large number of followers are pointers that this is the real Facebook page for Naijauto. A search for Naijauto.com on Facebook revealed several other impostor accounts.

A visit to one of the impostor pages revealed it was opened on June 2, 2021.

And obviously, the social media handle is @naijauto.ng, a variation of the real account @Naijauto.com
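The signals used above (a handle that is a variation of the real one, a recent creation date, a small following) can be combined into a triage check for brand monitoring. This is an added example, not code from the original post: the official account's values come from the article, while the impostor's follower count, the other candidates, the decoration list and the thresholds are constructed assumptions.

```python
import unicodedata
from datetime import date

# Digit/symbol swaps seen in look-alike handles (constructed, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "$": "s"})
DECORATIONS = ("official", "com", "ng", "hq", "support", "help")  # assumed suffixes
# Official account values are from the article; follower counts below are constructed.
OFFICIAL = {"handle": "Naijautocom", "created": date(2017, 8, 1), "followers": 111311}
CANDIDATES = [
    {"handle": "naijauto.ng", "created": date(2021, 6, 2), "followers": 240},
    {"handle": "naijaut0_official", "created": date(2019, 1, 5), "followers": 15},
    {"handle": "lagosbakery", "created": date(2021, 5, 1), "followers": 90},
]
TODAY = date(2021, 7, 1)  # constructed review date

def skeleton(handle: str) -> str:
    """Fold case and accents, drop punctuation, map swaps, strip decorative suffixes."""
    h = unicodedata.normalize("NFKD", handle).encode("ascii", "ignore").decode()
    h = "".join(ch for ch in h.lower() if ch.isalnum() or ch == "$").translate(CONFUSABLES)
    for d in DECORATIONS:
        if h.endswith(d) and len(h) > len(d) + 2:
            h = h[: -len(d)]
    return h

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(official: dict, candidates: list, today: date) -> list:
    """Return (handle, reasons) for accounts whose handle resembles the official one."""
    core, flagged = skeleton(official["handle"]), []
    for c in candidates:
        dist = edit_distance(skeleton(c["handle"]), core)
        if c["handle"].lower() == official["handle"].lower() or dist > 2:
            continue  # the official account itself, or an unrelated name
        checks = [
            (True, "handle core matches" if dist == 0 else f"handle within {dist} edits"),
            ((today - c["created"]).days < 365, "created under a year ago"),
            (c["followers"] * 100 < official["followers"], "followers under 1% of official"),
        ]
        flagged.append((c["handle"], [text for hit, text in checks if hit]))
    return flagged
```

A flagged handle is a lead for manual review and platform reporting, not proof of impersonation; a legitimate regional or reseller account can trip the same checks.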

The modus operandi of these scammers, as revealed by someone who made a report, is to make and advertise posts with pictures of cars priced slightly below the market value. Once a potential victim makes contact, they would claim the car is at a branch office in a faraway state and would need funds to deliver the car, and that full payment would be made upon delivery. Naturally, this sounds reasonable. As soon as the first payment is made, they begin to manufacture more issues to extort money till the victim finally realizes it is a scam.

The second is the impersonation of NPG farms on Instagram. A quick search showed several accounts.

The good thing about this was that the real account, @npgfarmsng, had put out several posts warning people about other accounts impersonating them.

From the foregoing, here are simple steps you can take to protect yourself from these kinds of scams.

  • Always do a search using the profile or page name of the company on social media. If you see multiple accounts, do not proceed till you can determine which, if any, are genuine. Note that cybercriminals also seek out businesses that do not have a social media presence to impersonate, hence seeing only one account does not mean that it is genuine.
  • Rather than trust what you see on social media, use a search engine to determine the website of the company or vendor, then navigate to their social media handles using the links listed on their website.
  • Look for historical information related to the account. Twitter lists when the account joined on the account’s profile; use page transparency on Facebook to see when the account was opened, and use name history on Instagram. An account that has been recently opened or has changed its name numerous times is more likely to be a scam.
  • Be wary of paying money into personal accounts. Of course, not all businesses or vendors will be able to have a company account, but established businesses or vendors should have company accounts. If you find that the business or vendor is big or well established, then a request to pay into a personal account is a sign that you might be dealing with scammers.
  • Always do an internet search with the business name and phone numbers given, together with words such as “scam” or “fraud.” Use search engines, and search on various social media and forums like Nairaland.
  • It’s always safer to make a purchase from a business or vendor who you know someone has used and comes highly recommended.

Adhering to all the aforementioned steps should keep you safe from social media impersonators.

The post Escaping Social Media Impersonation Scams appeared first on #NoGoFallMaga.